RFC 5176 on Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS)
rfc-editor@rfc-editor.org Fri, 01 February 2008 01:32 UTC
Return-Path: <owner-radiusext@ops.ietf.org>
X-Original-To: ietfarch-radext-archive-IeZ9sae2@core3.amsl.com
Delivered-To: ietfarch-radext-archive-IeZ9sae2@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CB6DE28C27B for <ietfarch-radext-archive-IeZ9sae2@core3.amsl.com>; Thu, 31 Jan 2008 17:32:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.395
X-Spam-Level:
X-Spam-Status: No, score=-4.395 tagged_above=-999 required=5 tests=[AWL=2.204, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from core3.amsl.com ([127.0.0.1]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Uh4pAN4g6y1f for <ietfarch-radext-archive-IeZ9sae2@core3.amsl.com>; Thu, 31 Jan 2008 17:32:13 -0800 (PST)
Received: from psg.com (psg.com [147.28.0.62]) by core3.amsl.com (Postfix) with ESMTP id 992AF28C260 for <radext-archive-IeZ9sae2@lists.ietf.org>; Thu, 31 Jan 2008 17:29:53 -0800 (PST)
Received: from majordom by psg.com with local (Exim 4.68 (FreeBSD)) (envelope-from <owner-radiusext@ops.ietf.org>) id 1JKkdu-0003Jc-TH for radiusext-data@psg.com; Fri, 01 Feb 2008 01:24:34 +0000
Received: from [128.9.168.207] (helo=bosco.isi.edu) by psg.com with esmtp (Exim 4.68 (FreeBSD)) (envelope-from <rfc-editor@rfc-editor.org>) id 1JKkds-0003J6-66 for radiusext@ops.ietf.org; Fri, 01 Feb 2008 01:24:33 +0000
Received: by bosco.isi.edu (Postfix, from userid 70) id B67F010C7AD; Thu, 31 Jan 2008 17:24:31 -0800 (PST)
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
Subject: RFC 5176 on Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS)
From: rfc-editor@rfc-editor.org
Cc: rfc-editor@rfc-editor.org, radiusext@ops.ietf.org
Message-Id: <20080201012431.B67F010C7AD@bosco.isi.edu>
Date: Thu, 31 Jan 2008 17:24:31 -0800
Sender: owner-radiusext@ops.ietf.org
Precedence: bulk
A new Request for Comments is now available in online RFC libraries.
RFC 5176
Title: Dynamic Authorization Extensions to Remote
Authentication Dial In User Service (RADIUS)
Author: M. Chiba, G. Dommety,
M. Eklund, D. Mitton,
B. Aboba
Status: Informational
Date: January 2008
Mailbox: mchiba@cisco.com,
gdommety@cisco.com,
meklund@cisco.com, david@mitton.com,
bernarda@microsoft.com
Pages: 34
Characters: 79541
Obsoletes: RFC3576
See-Also:
I-D Tag: draft-ietf-radext-rfc3576bis-13.txt
URL: http://www.rfc-editor.org/rfc/rfc5176.txt
This document describes a currently deployed extension to the Remote
Authentication Dial In User Service (RADIUS) protocol, allowing
dynamic changes to a user session, as implemented by network access
server products. This includes support for disconnecting users and
changing authorizations applicable to a user session. This memo provides
information for the Internet community.
This document is a product of the RADIUS EXTensions
Working Group of the IETF.
INFORMATIONAL: This memo provides information for the Internet community.
It does not specify an Internet standard of any kind. Distribution
of this memo is unlimited.
This announcement is sent to the IETF list and the RFC-DIST list.
Requests to be added to or deleted from the IETF distribution list
should be sent to IETF-REQUEST@IETF.ORG. Requests to be
added to or deleted from the RFC-DIST distribution list should
be sent to RFC-DIST-REQUEST@RFC-EDITOR.ORG.
Details on obtaining RFCs via FTP or EMAIL may be obtained by sending
an EMAIL message to rfc-info@RFC-EDITOR.ORG with the message body
help: ways_to_get_rfcs. For example:
To: rfc-info@RFC-EDITOR.ORG
Subject: getting rfcs
help: ways_to_get_rfcs
Requests for special distribution should be addressed to either the
author of the RFC in question, or to RFC-Manager@RFC-EDITOR.ORG. Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.
Submissions for Requests for Comments should be sent to
RFC-EDITOR@RFC-EDITOR.ORG. Please consult RFC 2223, Instructions to RFC
Authors, for further information.
The RFC Editor Team
USC/Information Sciences Institute
...
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Thu, 31 Jan 2008 08:55:49 +0000
Message-ID: <47A18C37.6040209@nitros9.org>
Date: Thu, 31 Jan 2008 09:52:07 +0100
From: Alan DeKok <aland@nitros9.org>
User-Agent: Thunderbird 2.0.0.6 (X11/20071022)
MIME-Version: 1.0
To: 'radext mailing list' <radiusext@ops.ietf.org>
Subject: Question about RFC 2865
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Section 5 (Attributes), page 25 says:
...
Value
The Value field is zero or more octets and contains information
specific to the Attribute.
...
However, the following text defining type-specific formats does not
define any circumstance under which a Value field of zero octets is
permissible. Instead, the "string" and "text" types say:
...length zero (0) MUST NOT be sent;
omit the entire attribute instead.
This appears to be an inconsistency in the document. Is it a problem?
Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Tue, 29 Jan 2008 17:50:58 +0000
Message-ID: <BAY117-DS16085FA146F730D8FABCB93350@phx.gbl>
From: <Bernard_Aboba@hotmail.com>
To: "Beck01, Wolfgang" <BeckW@t-systems.com>, <rfc-editor@rfc-editor.org>, <Baruch.Sterman@Kayote.com>, <dromasca@avaya.com>, <rbonica@juniper.net>, <radiusext@ops.ietf.org>
Cc: <dschwartz@xconnect.net>, <mikem@open.com.au>, <david.schwartz@xconnect.net>, <dscreat@dscreat.com>, <dwilli@cisco.com>, <dromasca@avaya.com>, <rbonica@juniper.net>, <d.b.nelson@comcast.net>
Subject: Re: AW: [ADs] Re: RFC 5090 -- draft-ietf-radext-rfc4590bis -- Re: Problem with fixes to Appendix A
Date: Tue, 29 Jan 2008 09:50:46 -0800
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original
Content-Transfer-Encoding: 8bit
Can the authors huddle and figure this out? We really do want to get the
test vectors right before publishing RFC 5090.
--------------------------------------------------
From: "Beck01, Wolfgang" <BeckW@t-systems.com>
Sent: Tuesday, January 29, 2008 6:12 AM
To: <rfc-editor@rfc-editor.org>; <Baruch.Sterman@Kayote.com>;
<dromasca@avaya.com>; <rbonica@juniper.net>
Cc: <dschwartz@xconnect.net>; <bernard_aboba@hotmail.com>;
<mikem@open.com.au>; <david.schwartz@xconnect.net>; <dscreat@dscreat.com>;
<dwilli@cisco.com>; <dromasca@avaya.com>; <rbonica@juniper.net>;
<d.b.nelson@comcast.net>
Subject: AW: [ADs] Re: RFC 5090 -- draft-ietf-radext-rfc4590bis -- Re:
Problem with fixes to Appendix A
> I hate to say it, but there are still bugs in the examples.
>
> In the Access-Request with id 0x7d, I calculate a Digest-Response of
> 958ce2c45980c79bd91c3044f32be6da
> and a Message-Authenticator of
> 92A87E1C88BD9573958327C656094634
>
> For the corresponding Access-Accept, I get an Authenticator of
> F237371FFDBFE48CBD9F63D25086B004
> a Digest-Response-Auth of
> 1e2e26caa5611b083e201778485fb394
> and a Message Authenticator of
> 51C3078093B3C5C15FACF27A27E7BE0A
>
> In the Access-Request with id 0x7e, the diff version states a packet
> length of 72. Summing up
> 20 Byte RADIUS header
> 6 Byte NAS-IP
> 6 Byte NAS-Port
> 5 Byte Digest-Method GET
> 13 Byte Digest-URI /index.html
> 18 Byte Message-Authenticator
> ---
> 68 Bytes, not 72.
>
> My script comes up with a Message-Authenticator of
> 690BFC95E88DF3B185F15CD78E469992
>
> For the Access-Request with Id 0x7f, I calculate a
> Digest-Response of
> 5af2aae88d01277b70c03865ced2abef
> and a Message-Authenticator of
> 904890FD52DA0DEDF400B8CABD7A8642
>
> For the Accesss-Accept of Id 0x7f, I get an Authenticator of
> EB50D310D1649A0C3FCEBC2623422FCA
> a Digest-Response-Auth of
> 0414c25df396d125d79380982de80516
> and a Message-Authenticator of
> 08EBFB290D55EEA4BF8FB48405A16E55
>
> For the packets with id 0x7c, I get the same values as in the rfc doc.
>
>> -----Ursprüngliche Nachricht-----
>> Von: RFC Editor [mailto:rfc-editor@rfc-editor.org]
>> Gesendet: Dienstag, 29. Januar 2008 02:38
>> An: Baruch Sterman; Dan Romascanu; Ronald Bonica
>> Cc: David Schwartz; Bernard Aboba; Beck, Wolfgang;
>> mikem@open.com.au; David Schwartz; dscreat@dscreat.com;
>> dwilli@cisco.com; Dan Romascanu; Ronald Bonica;
>> d.b.nelson@comcast.net; RFC Editor
>> Betreff: [ADs] Re: RFC 5090 -- draft-ietf-radext-rfc4590bis
>> -- Re: Problem with fixes to Appendix A
>>
>>
>> Greetings Dan and Ron,
>>
>> Please review the changes in the Appendix below and let us
>> know if you approve.
>>
>> Note that you can also review the changes to the Appendix in
>> the diff file located at:
>>
>> ftp://ftp.rfc-editor.org/in-notes/authors/rfc5090-last-diff.html
>>
>> All of the authors have signed off on the document, and we
>> now await your approval before announcing the document.
>>
>> Thank you.
>>
>> RFC Editor
>>
>>
>> On Tue, Jan 15, 2008 at 08:35:36PM +0200, Baruch Sterman wrote:
>> > I hope this does it!
>> >
>> >
>> >
>> > Thanks to everyone.
>> >
>> >
>> >
>> >
>> >
>> > We would like to add at the top of the acknowledgements:
>> >
>> >
>> >
>> > The authors would like to thank Mike McCauley for his help in
>> > working through the details of the examples.
>> >
>> >
>> >
>> >
>> >
>> > Here is the full version of examples. I highlighted places
>> where there
>> > are changes:
>> >
>> >
>> >
>> >
>> >
>> > A->B
>> >
>> >
>> >
>> > INVITE sip:97226491335@example.com SIP/2.0
>> >
>> > From: <sip:12345678@example.com>
>> >
>> > To: <sip:97226491335@example.com>
>> >
>> >
>> >
>> > B->A
>> >
>> >
>> >
>> > SIP/2.0 100 Trying
>> >
>> >
>> >
>> > B->C
>> >
>> >
>> >
>> > Code = Access-Request (1)
>> >
>> > Packet identifier = 0x7c (124)
>> >
>> > Length = 97
>> >
>> > Authenticator = F5E55840E324AA49D216D9DBD069807C
>> >
>> > NAS-IP-Address = 192.0.2.38
>> >
>> > NAS-Port = 5
>> >
>> > User-Name = 12345678
>> >
>> > Digest-Method = INVITE
>> >
>> > Digest-URI = sip:97226491335@example.com
>> >
>> > Message-Authenticator = 7600D5B0BDC33987A60D5C6167B28B3B
>> >
>> >
>> >
>> > C->B
>> >
>> >
>> >
>> > Code = Access-challenge (11)
>> >
>> > Packet identifier = 0x7c (124)
>> >
>> > Length = 72
>> >
>> > Authenticator = EBE20199C26EFEAD69BF8AB0E786CA4D
>> >
>> > Digest-Nonce = 3bada1a0
>> >
>> > Digest-Realm = example.com
>> >
>> > Digest-Qop = auth
>> >
>> > Digest-Algorithm = MD5
>> >
>> > Message-Authenticator = 5DA18ED3BBC9513DCBDE0A37F51B7DE3
>> >
>> >
>> >
>> > B->A
>> >
>> >
>> >
>> > SIP/2.0 407 Proxy Authentication Required
>> >
>> > Proxy-Authenticate: Digest realm="example.com"
>> >
>> > ,nonce="3bada1a0",qop=auth,algorithm=MD5
>> >
>> > Content-Length: 0
>> >
>> >
>> >
>> > A->B
>> >
>> >
>> >
>> > ACK sip:97226491335@example.com SIP/2.0
>> >
>> >
>> >
>> > A->B
>> >
>> >
>> >
>> > INVITE sip:97226491335@example.com SIP/2.0
>> >
>> > Proxy-Authorization: Digest nonce="3bada1a0"
>> >
>> > ,realm="example.com"
>> >
>> > ,response="756933f735fcd93f90a4bbdd5467f263"
>> >
>> > ,uri="sip:97226491335@example.com",username="12345678"
>> >
>> > ,qop=auth,algorithm=MD5
>> >
>> > ,cnonce="56593a80,nc="00000001"
>> >
>> >
>> >
>> > From: <sip:12345678@example.com>
>> >
>> > To: <sip:97226491335@example.com>
>> >
>> >
>> >
>> > B->C
>> >
>> >
>> >
>> > Code = Access-Request (1)
>> >
>> > Packet identifier = 0x7d (125)
>> >
>> > Length = 221
>> >
>> > Authenticator = F5E55840E324AA49D216D9DBD069807D
>> >
>> > NAS-IP-Address = 192.0.2.38
>> >
>> > NAS-Port = 5
>> >
>> > User-Name = 12345678
>> >
>> > Digest-Method = INVITE
>> >
>> > Digest-URI = sip:97226491335@example.com
>> >
>> > Digest-Realm = example.com
>> >
>> > Digest-Qop = auth
>> >
>> > Digest-Algorithm = MD5
>> >
>> > Digest-CNonce = 56593a80
>> >
>> > Digest-Nonce = 3bada1a0
>> >
>> > Digest-Nonce-Count = 00000001
>> >
>> > Digest-Response = 756933f735fcd93f90a4bbdd5467f263
>> >
>> > Digest-Username = 12345678
>> >
>> > SIP-AOR = sip:12345678@example.com
>> >
>> > Message-Authenticator = B6C7F7F8D11EF261A26933D234561A60
>> >
>> >
>> >
>> > C->B
>> >
>> >
>> >
>> > Code = Access-Accept (2)
>> >
>> > Packet identifier = 0x7d (125)
>> >
>> > Length = 72
>> >
>> > Authenticator = FFDD74D6470D21CB6FC4D6056BE245D2
>> >
>> > Digest-Response-Auth = f847de948d12285f8f4199e366f1af21
>> >
>> > Message-Authenticator = 7B76E2F10A7067AF601938BF13B0A62E
>> >
>> >
>> >
>> > B->A
>> >
>> >
>> >
>> > SIP/2.0 180 Ringing
>> >
>> >
>> >
>> > B->A
>> >
>> >
>> >
>> > SIP/2.0 200 OK
>> >
>> >
>> >
>> > A->B
>> >
>> >
>> >
>> > ACK sip:97226491335@example.com SIP/2.0
>> >
>> >
>> >
>> > A second example shows the traffic between a web browser
>> (A), a web
>> >
>> > server (B), and a RADIUS server (C).
>> >
>> >
>> >
>> > A->B
>> >
>> >
>> >
>> > GET /index.html HTTP/1.1
>> >
>> >
>> >
>> > B->C
>> >
>> > Code = Access-Request (1)
>> >
>> > Packet identifier = 0x7e (126)
>> >
>> > Length = 78
>> >
>> > Authenticator = F5E55840E324AA49D216D9DBD069807E
>> >
>> > NAS-IP-Address = 192.0.2.38
>> >
>> > NAS-Port = 5
>> >
>> > Digest-Method = GET
>> >
>> > Digest-URI = /index.html
>> >
>> > Message-Authenticator = E4C3D52DD0472663B49A6623B52C2A67
>> >
>> >
>> >
>> > C->B
>> >
>> >
>> >
>> > Code = Access-challenge (11)
>> >
>> > Packet identifier = 0x7e (126)
>> >
>> > Length = 72
>> >
>> > Authenticator = 2EE5EB01C02C773B6C6EC8515F565E8E
>> >
>> > Digest-Nonce = a3086ac8
>> >
>> > Digest-Realm = example.com
>> >
>> > Digest-Qop = auth
>> >
>> > Digest-Algorithm = MD5
>> >
>> > Message-Authenticator = 646DB2B0AF9E72FFF2CF7FEB33C4952A
>> >
>> >
>> >
>> > B->A
>> >
>> >
>> >
>> > HTTP/1.1 401 Authentication Required
>> >
>> > WWW-Authenticate: Digest realm="example.com",
>> >
>> > nonce="a3086ac8",qop=auth,algorithm=MD5
>> >
>> > Content-Length: 0
>> >
>> >
>> >
>> > A->B
>> >
>> >
>> >
>> > GET /index.html HTTP/1.1
>> >
>> > Authorization: Digest algorithm=MD5,qop=auth,nonce="a3086ac8"
>> >
>> > ,nc="00000001",cnonce="56593a80"
>> >
>> > ,realm="example.com"
>> >
>> > ,response="a4fac45c27a30f4f244c54a2e99fa117"
>> >
>> > ,uri="/index.html",username="12345678"
>> >
>> >
>> >
>> > B->C
>> >
>> >
>> >
>> > Code = Access-Request (1)
>> >
>> > Packet identifier = 0x7f (127)
>> >
>> > Length = 176
>> >
>> > Authenticator = F5E55840E324AA49D216D9DBD069807F
>> >
>> > NAS-IP-Address = 192.0.2.38
>> >
>> > NAS-Port = 5
>> >
>> > User-Name = 12345678
>> >
>> > Digest-Method = GET
>> >
>> > Digest-URI = /index.html
>> >
>> > Digest-Realm = example.com
>> >
>> > Digest-Qop = auth
>> >
>> > Digest-Algorithm = MD5
>> >
>> > Digest-CNonce = 56593a80
>> >
>> > Digest-Nonce = a3086ac8
>> >
>> > Digest-Nonce-Count = 00000001
>> >
>> > Digest-Response = a4fac45c27a30f4f244c54a2e99fa117
>> >
>> > Digest-Username = 12345678
>> >
>> > Message-Authenticator = 237D85C1478C70C67EEAF22A9C456821
>> >
>> >
>> >
>> > C->B
>> >
>> >
>> >
>> > Code = Access-Accept (2)
>> >
>> > Packet identifier = 0x7f (127)
>> >
>> > Length = 72
>> >
>> > Authenticator = 6364FA6ED66012847C05A0895607C694
>> >
>> > Digest-Response-Auth = 08c4e942d1d0a191de8b3aa98cd35147
>> >
>> > Message-Authenticator = 43795A3166492AD2A890AD57D5F97D56
>> >
>> >
>> >
>> > B->A
>> >
>> >
>> >
>> > HTTP/1.1 200 OK
>> >
>> > ...
>> >
>> >
>> >
>> > <html>
>> >
>> > ...
>> >
>> >
>> >
>>
>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Tue, 29 Jan 2008 09:49:56 +0000
From: "Glen Zorn" <glenzorn@comcast.net>
To: "'Bernard Aboba'" <bernard_aboba@hotmail.com>
Cc: <radiusext@ops.ietf.org>
Subject: RE: RADEXT WG Last Call on Extended RADIUS Attributes Document
Date: Tue, 29 Jan 2008 16:48:27 +0700
Message-ID: <000901c8625c$2e6a70a0$2301f00a@arubanetworks.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_000A_01C86296.DACBB9A0"
Thread-Index: AchhSAnMgHL29xaOROqOBPNL7+LaGAAcXTjw
This is a multi-part message in MIME format.
------=_NextPart_000_000A_01C86296.DACBB9A0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
This is an announcement of RADEXT WG last call on the Extended RADIUS
Attributes document, prior to sending it to the IESG for consideration
as a Proposed Standard. The document is available for inspection here:
http://www.ietf.org/internet-drafts/draft-ietf-radext-extended-attribute
s-00.txt
I'm quite surprised at this move, since even a cursory review of the
document in question would reveal that it is not at all ready for Last
Call: it is rife with gramatical errors & typos. A cynical person might
see it as a ploy to quash debate, but maybe it's just proof that nobody
(not even WG Chairs) actually read drafts before LC. I do wish that the
authors had been consulted on the readiness of the document, however --
it would have been polite.
RADEXT WG last call will last until February 14, 2008. Please send
comments to the RADEXT WG mailing list (radiusext@ops.ietf.org) in the
format described on the RADEXT WG Issues page:
http://www.drizzle.com/~aboba/RADEXT/
------=_NextPart_000_000A_01C86296.DACBB9A0
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<STYLE>.hmmessage P {
PADDING-RIGHT: 0px; PADDING-LEFT: 0px; PADDING-BOTTOM: 0px; MARGIN: =
0px; PADDING-TOP: 0px
}
BODY.hmmessage {
FONT-SIZE: 10pt; FONT-FAMILY: Tahoma
}
</STYLE>
<META content=3D"MSHTML 6.00.6000.16587" name=3DGENERATOR></HEAD>
<BODY class=3Dhmmessage>
<DIV dir=3Dltr align=3Dleft>This is an announcement of RADEXT WG last =
call on the=20
Extended RADIUS Attributes document, prior to sending it to the IESG for =
consideration as a Proposed Standard. The document is =
available for=20
inspection here:<BR><A=20
href=3D"http://www.ietf.org/internet-drafts/draft-ietf-radext-extended-at=
tributes-00.txt">http://www.ietf.org/internet-drafts/draft-ietf-radext-ex=
tended-attributes-00.txt</A><SPAN=20
class=3D359302414-28012008><FONT face=3DArial=20
color=3D#0000ff> </FONT></SPAN></DIV>
<DIV dir=3Dltr align=3Dleft><SPAN =
class=3D359302414-28012008></SPAN> </DIV>
<DIV dir=3Dltr align=3Dleft><SPAN class=3D359302414-28012008><FONT =
face=3DArial=20
color=3D#0000ff>I'm quite surprised at this move, since even a cursory =
review of=20
the document in question would reveal that it is not at all ready for =
Last Call:=20
it is rife with gramatical errors & typos. A cynical person =
might see=20
it as a ploy to quash debate, but maybe it's just proof that =
<EM>nobody</EM>=20
(not even WG Chairs) actually read drafts before LC. I do wish =
that the=20
authors had been consulted on the readiness of the document, however -- =
it would=20
have been polite.</FONT></SPAN><BR><BR>RADEXT WG last call will last =
until=20
February 14, 2008. Please send comments to the RADEXT WG mailing =
list=20
(radiusext@ops.ietf.org) in the format described on the RADEXT WG Issues =
page:<BR>http://www.drizzle.com/~aboba/RADEXT/<BR><BR><BR></DIV></BODY></=
HTML>
------=_NextPart_000_000A_01C86296.DACBB9A0--
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Mon, 28 Jan 2008 16:52:58 +0000
Message-ID: <479E07B1.9040806@deployingradius.com>
Date: Mon, 28 Jan 2008 17:49:53 +0100
From: Alan DeKok <aland@deployingradius.com>
User-Agent: Thunderbird 2.0.0.6 (X11/20071022)
MIME-Version: 1.0
To: Bernard Aboba <bernard_aboba@hotmail.com>, 'radext mailing list' <radiusext@ops.ietf.org>
Subject: Re: Review of RADIUS Design Guidelines document
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Bernard Aboba wrote:
> Here is my review of the RADIUS Design Guidelines document:
> http://www.ietf.org/internet-drafts/draft-ietf-radext-design-02.txt
...
> I am not sure that these paragraphs provide a sufficiently comprehensive
> description of what would constitute a change to the RADIUS operational
> model. For example, "Design Considerations for Protocol Extensions"
> (http://www.watersprings.org/pub/id/draft-carpenter-extension-recs-02.txt)
> provides a definition of a "major extension" in Section 3.3 that seems
> considerably broader than the considerations provided in the above
> paragraphs. My suggestion would be to expand this section to explicitly
> list some of the basic assumptions of the RADIUS protocol.
Hmm... I'm trying to come up with something that the WG could agree
with, but which isn't banal to the point of being meaningless.
The comments about the State attribute are a good start. Other points
are:
- RADIUS is a transport protocol for authentication credentials,
authorization information, and accounting data for user sessions
- authorization is possible only after a session has been successfully
authenticated
- the protocol is "hop by hop", and not "end to end"
- all data transported by RADIUS is visible to all intermediate nodes
- authentication servers do not have to be co-located with accounting
servers
- no action may be taken on Access-Reject other than disconnecting the
user session that was attempting authentication
- no information may be sent in an Accounting-Response
- Any PDU may not reach it's intended destination. Implementations
should be robust in the event of lost, missing, or incomplete information
Suggestions for more?
> Given the concern about SHA-1 collisions, is it worth recommending
> against use of this algorithm in new attributes?
Yes.
> I also something might be worth saying about the use of RADIUS without
> user authentication.
This can be mentioned as part of the set of assumptions.
> Section 1
>
> Suggest changing: ... To: ...
Looks good to me.
> Section 5
>
> Suggest changing ... To: ...
Looks good to me.
Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Mon, 28 Jan 2008 01:17:13 +0000
Message-ID: <BAY117-W20894F43A7824E354BE6BD93340@phx.gbl>
Content-Type: multipart/alternative; boundary="_d6d63d6d-5c47-465f-a108-502932212ec3_"
From: Bernard Aboba <bernard_aboba@hotmail.com>
To: <radiusext@ops.ietf.org>
Subject: Review of RADIUS Design Guidelines document
Date: Sun, 27 Jan 2008 17:16:46 -0800
MIME-Version: 1.0
--_d6d63d6d-5c47-465f-a108-502932212ec3_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Here is my review of the RADIUS Design Guidelines document:
http://www.ietf.org/internet-drafts/draft-ietf-radext-design-02.txt
Section 1.1 states:
" The advice in this document applies to attributes used to encode
service-provisioning or authentication data. RADIUS protocol
changes, or specification of attributes that can be used to, in
effect, provide new RADIUS commands (such as Service-Type) are out of
scope. Since protocol changes require greater expertise and deeper
review, such changes should not be undertaken outside the IETF and
when handled within the IETF require "IETF Consensus" for adoption,
as noted in [RFC3575] Section 2.1.
As with protocol changes, this document does not provide guidance to
document authors seeking to change the RADIUS operational model.
While RADIUS server implementations may keep state, the RADIUS
protocol is stateless, although information may be passed from one
protocol transaction to another via the State Attribute. As a
result, documents which require stateful protocol behavior without
use of the State Attribute are inherently incompatible with RADIUS as
defined in [RFC2865], and need to be redesigned."
I am not sure that these paragraphs provide a sufficiently comprehensive de=
scription of what would constitute a change to the RADIUS operational model=
. For example, "Design Considerations for Protocol Extensions" (http://www=
.watersprings.org/pub/id/draft-carpenter-extension-recs-02.txt) provides a =
definition of a "major extension" in Section 3.3 that seems considerably br=
oader than the considerations provided in the above paragraphs. My suggest=
ion would be to expand this section to explicitly list some of the basic as=
sumptions of the RADIUS protocol. =20
Section 5
Given the concern about SHA-1 collisions, is it worth recommending against =
use of this algorithm in new attributes?=20
I also something might be worth saying about the use of RADIUS without user=
authentication.=20
Other comments:
Section 1
Suggest changing:
" This document provides guidelines for the design of RADIUS attributes
both within the IETF as well as within other Standards Development
Organizations (SDOs). By articulating RADIUS design guidelines, it
is hoped that this document will encourage the development and
publication of high quality RADIUS attribute specifications. The
advice in this document will not be helpful unless it is put to use.
As with "Guidelines for Authors and Reviewers of MIB Documents"
[RFC4181], it is expected that this document will enable authors to
check their document against the guidelines prior to requesting a
review (such an "Expert Review" described in [RFC3575]). Similarly,
it is hoped that this document will be of use to reviewers (such as
WG participants or the AAA Doctors) in improving the consistency of
reviews.
"
To:
" This document provides guidelines for the design of RADIUS attributes
both within the IETF as well as within other Standards Development
Organizations (SDOs). By articulating RADIUS design guidelines, it
is hoped that this document will encourage the development and
publication of high quality RADIUS attribute specifications. =20
However, the advice in this document will not be helpful unless=20
it is put to use. As with "Guidelines for Authors and Reviewers=20
of MIB Documents [RFC4181], it is expected that this document will=20
be used by authors to check their document against the guidelines=20
prior to requesting review (such an "Expert Review" described=20
in [RFC3575]). Similarly, it is expected that this document will=20
used by reviewers (such as WG participants or the AAA Doctors),
resulting in an improvement in the consistency of reviews."
Section 5
Suggest changing
"The MD5 algorithm
has recently become a focus of scrutiny and concern in security
circles, and as a result, the use of this technique in new attributes
is NOT RECOMMENDED."
To:
"The MD5 and SHA-1 algorithms
have recently become a focus of scrutiny and concern in security
circles, and as a result, the use of these algorithms in new attributes
is NOT RECOMMENDED."
--_d6d63d6d-5c47-465f-a108-502932212ec3_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<style>
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
FONT-SIZE: 10pt;
FONT-FAMILY:Tahoma
}
</style>
</head>
<body class=3D'hmmessage'>
Here is my review of the RADIUS Design Guidelines document:<br>http://www.i=
etf.org/internet-drafts/draft-ietf-radext-design-02.txt<br><br>Section 1.1 =
states:<br><br>"<pre> The advice in this document applies to attributes u=
sed to encode<br> service-provisioning or authentication data. RADIUS pr=
otocol<br> changes, or specification of attributes that can be used to, i=
n<br> effect, provide new RADIUS commands (such as Service-Type) are out =
of<br> scope. Since protocol changes require greater expertise and deepe=
r<br> review, such changes should not be undertaken outside the IETF and<=
br> when handled within the IETF require "IETF Consensus" for adoption,<b=
r> as noted in [RFC3575] Section 2.1.<br><br> As with protocol changes,=
this document does not provide guidance to<br> document authors seeking =
to change the RADIUS operational model.<br> While RADIUS server implement=
ations may keep state, the RADIUS<br> protocol is stateless, although inf=
ormation may be passed from one<br> protocol transaction to another via t=
he State Attribute. As a<br> result, documents which require stateful pr=
otocol behavior without<br> use of the State Attribute are inherently inc=
ompatible with RADIUS as<br> defined in [RFC2865], and need to be redesig=
ned.</pre>"<br><br>I am not sure that these paragraphs provide a sufficient=
ly comprehensive description of what would constitute a change to the RADIU=
S operational model. For example, "Design Considerations for Protocol=
Extensions" (http://www.watersprings.org/pub/id/draft-carpenter-extension-=
recs-02.txt) provides a definition of a "major extension" in Section 3.3 th=
at seems considerably broader than the considerations provided in the above=
paragraphs. My suggestion would be to expand this section to explici=
tly list some of the basic assumptions of the RADIUS protocol. <br><b=
r>Section 5<br><br>Given the concern about SHA-1 collisions, is it worth re=
commending against use of this algorithm in new attributes? <br><br>I also =
something might be worth saying about the use of RADIUS without user authen=
tication. <br><br>Other comments:<br><br>Section 1<br><br>Suggest changing:=
<br><br>"<pre> This document provides guidelines for the design of RADIUS=
attributes<br> both within the IETF as well as within other Standards De=
velopment<br> Organizations (SDOs). By articulating RADIUS design guidel=
ines, it<br> is hoped that this document will encourage the development a=
nd<br> publication of high quality RADIUS attribute specifications. The<=
br> advice in this document will not be helpful unless it is put to use.<=
br><br> As with "Guidelines for Authors and Reviewers of MIB Documents"<b=
r> [RFC4181], it is expected that this document will enable authors to<br=
> check their document against the guidelines prior to requesting a<br> =
review (such an "Expert Review" described in [RFC3575]). Similarly,<br> =
it is hoped that this document will be of use to reviewers (such as<br> =
WG participants or the AAA Doctors) in improving the consistency of<br> r=
eviews.<br></pre>"<br><br>To:<br><br>"<pre> This document provides guidel=
ines for the design of RADIUS attributes<br> both within the IETF as well=
as within other Standards Development<br> Organizations (SDOs). By arti=
culating RADIUS design guidelines, it<br> is hoped that this document wil=
l encourage the development and<br> publication of high quality RADIUS at=
tribute specifications. <br><br> However, the advice in this document wi=
ll not be helpful unless <br> it is put to use. As with "Guidelines for =
Authors and Reviewers <br> of MIB Documents [RFC4181], it is expected tha=
t this document will <br> be used by authors to check their document agai=
nst the guidelines <br> prior to requesting review (such an "Expert Revie=
w" described <br> in [RFC3575]). Similarly, it is expected that this doc=
ument will <br> used by reviewers (such as WG participants or the AAA Doc=
tors),<br> resulting in an improvement in the consistency of reviews."<br=
><br>Section 5<br><br>Suggest changing<br><br>"The MD5 algorithm<br> has =
recently become a focus of scrutiny and concern in security<br> circles, =
and as a result, the use of this technique in new attributes<br> is NOT R=
ECOMMENDED."<br><br>To:<br><br> "The MD5 and SHA-1 algorithms<br> have =
recently become a focus of scrutiny and concern in security<br> circles, =
and as a result, the use of these algorithms in new attributes<br> is NOT=
RECOMMENDED."<br></pre></body>
</html>=
--_d6d63d6d-5c47-465f-a108-502932212ec3_--
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Mon, 28 Jan 2008 00:49:06 +0000
Message-ID: <BAY117-W30A27D87A00B4A5609C03B93340@phx.gbl>
Content-Type: multipart/alternative; boundary="_42136b39-ee9d-47cc-894a-13ab72f63acc_"
From: Bernard Aboba <bernard_aboba@hotmail.com>
To: <radiusext@ops.ietf.org>
Subject: RADEXT WG Last Call on Extended RADIUS Attributes Document
Date: Sun, 27 Jan 2008 16:47:59 -0800
MIME-Version: 1.0
--_42136b39-ee9d-47cc-894a-13ab72f63acc_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
This is an announcement of RADEXT WG last call on the Extended RADIUS Attri=
butes document, prior to sending it to the IESG for consideration as a Prop=
osed Standard. The document is available for inspection here:
http://www.ietf.org/internet-drafts/draft-ietf-radext-extended-attributes-0=
0.txt
RADEXT WG last call will last until February 14, 2008. Please send comment=
s to the RADEXT WG mailing list (radiusext@ops.ietf.org) in the format desc=
ribed on the RADEXT WG Issues page:
http://www.drizzle.com/~aboba/RADEXT/
--_42136b39-ee9d-47cc-894a-13ab72f63acc_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<style>
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
FONT-SIZE: 10pt;
FONT-FAMILY:Tahoma
}
</style>
</head>
<body class=3D'hmmessage'>
This is an announcement of RADEXT WG last call on the Extended RADIUS Attri=
butes document, prior to sending it to the IESG for consideration as a Prop=
osed Standard. The document is available for inspection here:<b=
r>http://www.ietf.org/internet-drafts/draft-ietf-radext-extended-attributes=
-00.txt<br><br>RADEXT WG last call will last until February 14, 2008. =
Please send comments to the RADEXT WG mailing list (radiusext@ops.ietf.org=
) in the format described on the RADEXT WG Issues page:<br>http://www.drizz=
le.com/~aboba/RADEXT/<br><br><br></body>
</html>=
--_42136b39-ee9d-47cc-894a-13ab72f63acc_--
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Tue, 15 Jan 2008 05:32:48 +0000
Message-ID: <478C44C1.3030801@nitros9.org>
Date: Tue, 15 Jan 2008 06:29:37 +0100
From: Alan DeKok <aland@nitros9.org>
User-Agent: Thunderbird 2.0.0.6 (X11/20071022)
MIME-Version: 1.0
To: Glen Zorn <gzorn@arubanetworks.com>
CC: radiusext@ops.ietf.org
Subject: Re: Questions on modified Extended Attribute format?
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Glen Zorn wrote:
> Not to mention being "backward compatible", right? Oh, wait, that is
> only a requirement for things you don't like...
Putting the invective aside, I think you've missed much of what I've said.
- the format AS PROPOSED IN THE DOCUMENT is OK.
- I'm not perfectly happy with it, but it's OK
- it leverages a format used for other purposes: that's great
- I am fine with it not being "backwards compatible"
- it achieved WG consensus: that's a miracle
- The "16-bit" variant recently proposed on the list is not OK
- it's less nice than the format in the document
- it's yet another "magic" vsa format
- it introduces even more incompatibilities than the other format
- it has not acheived WG consensus
- it throws away the consensus obtained for the other format.
To put it bluntly: every argument FOR the 16-bit variant of the
extended format is also an argument FOR the Diameter AVP format. If you
are going to seriously propose a 16-bit variant of the extended format,
then I think there is a contingent of this WG that would have issues
with that.
My preference, in order of priority:
1) extended format AS IN THE DOCUMENT
2) Diameter AVP format
3) 16 bit variant of the extended format
(1) has achieved WG consensus. (2) and (3) have not. Can we stop
this, and just move on?
Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Mon, 14 Jan 2008 07:56:36 +0000
Message-ID: <478B1500.6020904@nitros9.org>
Date: Mon, 14 Jan 2008 08:53:36 +0100
From: Alan DeKok <aland@nitros9.org>
User-Agent: Thunderbird 2.0.0.6 (X11/20071022)
MIME-Version: 1.0
To: Glen Zorn <gzorn@arubanetworks.com>
CC: radiusext@ops.ietf.org
Subject: Re: Questions on modified Extended Attribute format?
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Glen Zorn wrote:
> It hasn't changed yet, I was proposing to change it in order to provide
> greatly enhanced functionality.
I was under the impression that the WG had mostly achieved consensus
on the format.
> How about this: leave the extra octet in there, but mark it as
> "Reserved", so at least it will be there for future use?
If that's the proposal, then I prefer the Diameter AVP format. It is
simpler, more flexible, and does not require the introduction of yet
another incompatible VSA format.
Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Fri, 11 Jan 2008 16:40:54 +0000
From: Avi Lior <avi@bridgewatersystems.com>
To: "David B. Nelson" <d.b.nelson@comcast.net>, "radiusext@ops.ietf.org" <radiusext@ops.ietf.org>
Date: Fri, 11 Jan 2008 11:39:08 -0500
Subject: RE: Questions on modified Extended Attribute format?
Message-ID: <8A8CFE8F89C38B41A749C19328C76D6301B0CD7DEE@exchange02.bridgewatersys.com>
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
You are correct. In RADIUS definitions we define attributes by specifying =
the format and meaning.
When we define the meaning typically we say when this attribute "when inclu=
ded in an access accept message it means ...." and "when included in an acc=
ess request it means ...."
Now if we want to reuse the attribute (because we love the format) in a new=
container. We would just have to modify the meaning part of the definitio=
n by adding "when the attribute appears as part of this grouping it means .=
.."
Going forward if you really want to promote reuse when it is possible you w=
ould just define the syntax of the attribute and then when you define the c=
ontainer (grouping) which includes that attribute you would define what it =
means when this attribute is in a particular container/grouping.
> -----Original Message-----
> From: owner-radiusext@ops.ietf.org
> [mailto:owner-radiusext@ops.ietf.org] On Behalf Of David B. Nelson
> Sent: Wednesday, January 09, 2008 10:43 AM
> To: radiusext@ops.ietf.org
> Subject: RE: Questions on modified Extended Attribute format?
>
> Avi Lior writes...
>
> > An attribute can appear standalone and also be included in a group
> > (for that matter, in many groups). The definition of the
> attribute is
> > the same in both cases, but the semantics is different right?
>
> I'm confused by this. The "definition" of the attribute
> consists of syntax
> (format) and semantics (meaning). What does it means to say
> that the definition is the same but the semantics (meaning)
> is different?
>
>
>
>
> --
> to unsubscribe send a message to
> radiusext-request@ops.ietf.org with the word 'unsubscribe' in
> a single line as the message text body.
> archive: <http://psg.com/lists/radiusext/>
>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Fri, 11 Jan 2008 06:29:30 +0000
Message-ID: <47870C10.2090107@nitros9.org>
Date: Fri, 11 Jan 2008 07:26:24 +0100
From: Alan DeKok <aland@nitros9.org>
User-Agent: Thunderbird 2.0.0.6 (X11/20071022)
MIME-Version: 1.0
To: Glen Zorn <glenzorn@comcast.net>
CC: radiusext@ops.ietf.org
Subject: Re: Questions on modified Extended Attribute format?
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Glen Zorn wrote:
> The users are being rejected because the provider of their client has
> made up his own rules about what a valid response is;
Umm... the provider of their client is compatible with 2865, not with
the new specification allowing 2865 to be tunneled in extended
attributes. i.e. they haven't upgraded.
Is this permitted? Or should we just say "too bad", and move ahead?
> Tell me the difference in effect. As for encapsulating all the
> attributes in VSAs, that is easily handled by disqualifying the
> mandatory attributes (such as User-Name, EAP-Message, etc.) from
> inclusion.
Then those issues need to be addressed in the extended attributes
draft. That should triple it's size, and add another few years to the
time frame. :(
> I'm going to give you the benefit of the doubt & assume that you have
> actually read the draft & merely misspoke: the "continuation flag" is
> one bit, not one byte; the rest of that octet is the Tag field.
I read the draft... I just don't see a need to explain what every bit
means when I'm trying to count bytes.
> Really? The "new attribute header" that you conveniently gloss over
> above contains a 1 octet total length for the attribute, giving the same
> length limit as old-style RADIUS; of course, you could always either a)
> just concatenate "Diameter AVPs" of the same AVP type together (but then
> you can only have one AVP of a given type in a message) or b) add an
> "awkward" continuation BIT to the Flags field of the AVP...
See Barney's comments.
> Again, I'm kind of amazed: I thought that you had implemented the WiMax
> VSAs.
Not offically as of yet. See the web page: no mention of WiMax.
The Diameter stuff was easy: pack diameter AVP's (using existing
code), encapsulate in RADIUS (~50 lines of new code), etc. The hardest
part was internal book-keeping && data structure updates.
>> This proposal offers LESS than the "Diameter AVP in RADIUS" does,
>> at the cost of MORE work.
>
> See above.
I've looked into it... the Diameter AVP stuff was easier.
> I agree completely: it is becoming rather painfully obvious (from the
> landing of red herrings (make that whales ;-), the frothing at the
> mouth, grasping at straws & confusing of implementations with standards)
> that this idea is entirely too close to useful to be approved by this
> committee.
I thought it was that the goal-posts were changing. Just as everyone
was resigned to accepting the format in the extended attributes draft...
it changed.
How about this. I'll stop arguing with the extensions to the extended
draft if you stop proposing them. I'm willing to achieve consensus on
the basic format of the extended attributes draft:
1 byte type
1 byte length
1 byte Cttttttt
data...
You'll note that my recent objections have NOT been to that format,
but only to the proposed extensions.
Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Fri, 11 Jan 2008 02:25:02 +0000
Date: Thu, 10 Jan 2008 21:23:40 -0500
From: Barney Wolff <barney@databus.com>
To: Glen Zorn <glenzorn@comcast.net>
Cc: "'Alan DeKok'" <aland@nitros9.org>, radiusext@ops.ietf.org
Subject: Re: Questions on modified Extended Attribute format?
Message-ID: <20080111022340.GA96430@pit.databus.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.17 (2007-11-01)
On Thu, Jan 10, 2008 at 02:52:16PM -0800, Glen Zorn wrote:
>
> >
> > For a total of 10 bytes of header for one attribute.
> >
> > The "Diameter AVP in RADIUS" involves:
> >
> > new attribute header: 2 bytes
> > Diamater header: 8 bytes (4 byte type + 4 byte length)
>
> Pardon me: 4 byte type, 1 byte of flags (BTW, are those 8 bits of flags
> actually useful in RADIUS?) and a 3 byte length.
>
> >
> > For a total of 10 bytes. Plus, conversion to Diameter in Diameter
> > to RADIUS gateways is easy. We can get arbitrary grouping via the
> > Diameter method. We can have attributes as long as we want.
>
> Really? The "new attribute header" that you conveniently gloss over
> above contains a 1 octet total length for the attribute, giving the same
> length limit as old-style RADIUS; of course, you could always either a)
> just concatenate "Diameter AVPs" of the same AVP type together (but then
> you can only have one AVP of a given type in a message) or b) add an
> "awkward" continuation BIT to the Flags field of the AVP...
Well, no. The proposal was that all the EA TLVs would be concatenated
before being decoded, so the Diameter length fields would delimit the
attributes. No continuation bits, bytes or logic. And of course, the
totality of EAs could/should be packed into as many full RADIUS TLVs as
necessary, with much less TL overhead.
Allow me to express some wry amusement that the pretext for rejecting
the Diameter-format proposal was that only attribute typespace exhaustion
was of interest, not attribute length or grouping. Then, magically,
length and grouping came back. Being retired, at least I won't have
to code whatever y'all eventually agree on.
--
Barney Wolff I never met a computer I didn't like.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Thu, 10 Jan 2008 22:53:13 +0000
From: "Glen Zorn" <glenzorn@comcast.net>
To: "'Alan DeKok'" <aland@nitros9.org>
Cc: <radiusext@ops.ietf.org>
Subject: RE: Questions on modified Extended Attribute format?
Date: Thu, 10 Jan 2008 14:52:16 -0800
Message-ID: <000901c853db$8007d7c0$a367640a@arubanetworks.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Thread-Index: AchR0kMNPUYWhCuSQMu0yUMgsit4YgCAzrPQ
Alan DeKok <> scribbled on Tuesday, January 08, 2008 12:32 AM:
> Glen Zorn wrote:
>> You keep saying that but I really don't know where you get this
>> funny idea.
>
> New extensions cannot break existing deployments.
>
> This is NOT the same as saying new extensions require new code for
> implementations to support those extensions.
>
>>> [ re: packing standard attributes inside of extended ]
>> Only if the authentication method in use is EAP, I think. RFC 2865
>> doesn't list any attributes as required in any type of response; if
>> your client fails because it can't find any attributes in the packet,
>> your client is broken.
>
> The client will reject the user,
If it does, it is broken (modulo the above).
> or will apply the wrong policy
> (i.e.
> default "empty response" policy, rather than the policy in the
> response). Please explain to the user and administrator that the
> users are being rejected because of a new feature in RADIUS, and that
> this is a Good Thing.
The users are being rejected because the provider of their client has
made up his own rules about what a valid response is; if they get the
wrong policy (or the wrong service), tell me how that is different from
a client getting tunnel attributes that it doesn't understand &
therefore ignores.
>
>> Really? Tell me what happens when a NAS receives, say, a tunnel
>> attribute that it doesn't understand; then tell me how that is
>> different from the introduction of _any_ new standard attribute and
>> how it constitutes "communication".
>
> The issue is NOT introduction of a new standard attribute. The
> issue is encapsulating standard attributes that the client DOES
> understand in a VSA that the client DOES NOT understand.
Tell me the difference in effect. As for encapsulating all the
attributes in VSAs, that is easily handled by disqualifying the
mandatory attributes (such as User-Name, EAP-Message, etc.) from
inclusion.
>
>> Care to expand upon that a bit?
>
> If you're going to increase the attribute space, AND support long
> attributes, you might as well give up and use the Diameter AVP
> format.
> Your proposal involves:
>
> VSA header: 2 bytes (type, length)
> Vendor-Id of zero: 4 bytes
> Extended attribute header: 3 bytes (16 bit type + length)
> "continuation" flag: 1 byte
I'm going to give you the benefit of the doubt & assume that you have
actually read the draft & merely misspoke: the "continuation flag" is
one bit, not one byte; the rest of that octet is the Tag field.
>
> For a total of 10 bytes of header for one attribute.
>
> The "Diameter AVP in RADIUS" involves:
>
> new attribute header: 2 bytes
> Diamater header: 8 bytes (4 byte type + 4 byte length)
Pardon me: 4 byte type, 1 byte of flags (BTW, are those 8 bits of flags
actually useful in RADIUS?) and a 3 byte length.
>
> For a total of 10 bytes. Plus, conversion to Diameter in Diameter
> to RADIUS gateways is easy. We can get arbitrary grouping via the
> Diameter method. We can have attributes as long as we want.
Really? The "new attribute header" that you conveniently gloss over
above contains a 1 octet total length for the attribute, giving the same
length limit as old-style RADIUS; of course, you could always either a)
just concatenate "Diameter AVPs" of the same AVP type together (but then
you can only have one AVP of a given type in a message) or b) add an
"awkward" continuation BIT to the Flags field of the AVP...
> AND the
> coding is much, much, easier.
>
> I implemented the Diameter format as a test a while ago, and it was
> ~400 LoC, in part because it could leverage the existing code base of
> Diameter encapsulation/decapsulation. I've been looking at the
> extended attribute format. It doesn't leverage any existing code.
> It has an awkward "continuation" byte, which means it can't use any
> of the pre-existing VSA handlers, etc.
Again, I'm kind of amazed: I thought that you had implemented the WiMax
VSAs. You mean that that code couldn't be leveraged? The formats are
practically identical.
>
> This proposal offers LESS than the "Diameter AVP in RADIUS" does,
> at the cost of MORE work.
See above.
>
> We've been having this argument for too long. We need to stop NOW,
> pick a format, and move on. The endless re-visiting of attribute
> format is holding up other key work.
I agree completely: it is becoming rather painfully obvious (from the
landing of red herrings (make that whales ;-), the frothing at the
mouth, grasping at straws & confusing of implementations with standards)
that this idea is entirely too close to useful to be approved by this
committee.
>
> Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Thu, 10 Jan 2008 22:04:55 +0000
From: "Glen Zorn" <glenzorn@comcast.net>
To: "'Romascanu, Dan \(Dan\)'" <dromasca@avaya.com>, "'Alan DeKok'" <aland@nitros9.org>
Cc: <radiusext@ops.ietf.org>
Subject: RE: Questions on modified Extended Attribute format?
Date: Thu, 10 Jan 2008 14:03:35 -0800
Message-ID: <000801c853d4$ae41d020$a367640a@arubanetworks.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Thread-Index: AchNvxvE95gozpjSQoKAVguApoAI+AAZAbTwAO0zArAAfwfpsA==
Romascanu, Dan (Dan) <mailto:dromasca@avaya.com> scribbled on Tuesday,
January 08, 2008 1:24 AM:
>> Glen Zorn wrote:
>>
>>> As I said, put that way or any other way you like, ANY change is
>>> incompatible with existing deployments. If one were to add a new
>>> "standard" attribute (in the old format or the proposed VSA-like
>>> format or any other) it would be incompatible with existing
>>> deployments.
>>
>> That isn't the point. Everyone accepts that implementations have
>> to be updated to handle new standards.
>> One of the major efforts in RADIUS has been to maintain backwards
>> compatibility with existing deployments.
>> [gwz]
>> You keep saying that but I really don't know where you get this
>> funny idea. [/gwz]
>>
>
> The current RADEXT charter is quite explicit about the requirements
> for backwards compatibility.
>
> - All RADIUS work MUST be backward compatible with existing RADIUS
> RFCs, including RFCs 2618-2621, 2865-2869, 3162, 3575, 3576, 3579,
> and 3580.
Yup, very true. That's not what Alan is requiring, however: "backwards
compatibility with existing deployments"
--------------------
is not at all the same thing as being backward compatible with the RFCs.
The proposal I'm making is not intended (nor, I believe, is it)
incompatible with the existing RFCs.
>
> Dan
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Wed, 09 Jan 2008 20:15:30 +0000
DomainKey-Signature: s=qcdkim; d=qualcomm.com; c=nofws; q=dns; h=X-IronPort-AV:Received:Received:Received:Received: X-MimeOLE:Content-class:MIME-Version:Content-Type: Content-Transfer-Encoding:Subject:Date:Message-ID: In-Reply-To:X-MS-Has-Attach:X-MS-TNEF-Correlator: Thread-Topic:Thread-Index:References:From:To:Cc: X-OriginalArrivalTime; b=IC1HtR8oK+DGmq0baI91Ga3q1Ac6ti9vHQudC4Wt43xSAYjHt9b5iQax X9x/YnE7uWkuKsZSeCZAi/OImTaFttQj9lz+cLb49NBaDJrX/I6aFDE+l Kbd39MzfQCTKhfnj48jdBCMBO7eCDfAkla/mJTuvxORAV9n9T2evX5NYW c=;
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [HOKEY] a transparent proposal
Date: Wed, 9 Jan 2008 12:13:20 -0800
Message-ID: <C24CB51D5AA800449982D9BCB9032513CF47F4@NAEX13.na.qualcomm.com>
Thread-Topic: [HOKEY] a transparent proposal
Thread-Index: AchSmGWo+cEoGD4VQiKjaxmFtvr44QAXeVKQ
From: "Narayanan, Vidya" <vidyan@qualcomm.com>
To: "Bernard Aboba" <bernard_aboba@hotmail.com>, "Alan DeKok" <aland@deployingradius.com>
Cc: "Hannes Tschofenig" <hannes.tschofenig@gmx.net>, <barney@databus.com>, <hokey@ietf.org>, <radiusext@ops.ietf.org>
> -----Original Message-----
> From: owner-radiusext@ops.ietf.org=20
> [mailto:owner-radiusext@ops.ietf.org] On Behalf Of Bernard Aboba
> Sent: Wednesday, January 09, 2008 12:18 AM
> To: Alan DeKok
> Cc: Hannes Tschofenig; barney@databus.com; hokey@ietf.org;=20
> radiusext@ops.ietf.org
> Subject: RE: [HOKEY] a transparent proposal
>=20
>=20
> > It is up to that domain to ensure all of it's AAA servers=20
> have the=20
> > same policy. This includes managing state for multiple login=20
> > detection, and potentially re-auth keys.
>=20
> Doesn't this imply a significant degree of complexity? For=20
> example, one argument for the RFC 4507 PAC is that avoiding=20
> server-side state enables better scaling and authentication=20
> performance, because RADIUS servers don't replicate TLS key=20
> state. It's hard to reconcile that argument with the idea of=20
> having the domain keeping track of server side state.=20
>=20
> If there is a way to push that state on the peer, things=20
> would be much simpler. For example, if the ERX exchange were=20
> to leave the peer with an NAI identifying the "local server"=20
> and corresponding key state, then the peer could use that=20
> "re-auth" NAI in subsequent requests.=20
>=20
That is what is done. The peer performs the ERP exchange with
"rIKName@localdomain", where the "rIKName" is the name of the
reauthentication integrity key that is used to authenticate the ERP
exchange and "localdomain" identifies the domain name of the local ER
server. For local domains that replicate key material, this domain name
may actually route to one of the multiple local ER servers; for local
domains that strictly have one server, they have the burden of providing
local domain names that are server-specific. =20
The peer learns the local domain name at the time of ERX bootstrapping
and uses that, along with the corresponding rIKName as the username part
of its NAI at the time of reauthentication. =20
Vidya
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Wed, 09 Jan 2008 15:44:16 +0000
From: "David B. Nelson" <d.b.nelson@comcast.net>
To: <radiusext@ops.ietf.org>
Subject: RE: Questions on modified Extended Attribute format?
Date: Wed, 9 Jan 2008 10:43:27 -0500
Message-ID: <004e01c852d6$61d61c40$011716ac@NEWTON603>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Thread-Index: AchSfy9slkyWKStwTW2l6JAtWhKJmAAVslhg
Avi Lior writes...
> An attribute can appear standalone and also be included in a group
> (for that matter, in many groups). The definition of the attribute
> is the same in both cases, but the semantics is different right?
I'm confused by this. The "definition" of the attribute consists of syntax
(format) and semantics (meaning). What does it means to say that the
definition is the same but the semantics (meaning) is different?
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Wed, 09 Jan 2008 14:40:08 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: Questions on modified Extended Attribute format?
Date: Wed, 9 Jan 2008 09:39:17 -0500
Message-ID: <E7CCE8A83907104ABEE91AC3AE3709A011B1B01E@exchange.bridgewatersys.com>
From: "Avi Lior" <avi@bridgewatersystems.com>
To: "Bernard Aboba" <bernard_aboba@hotmail.com>, "David B. Nelson" <d.b.nelson@comcast.net>, <radiusext@ops.ietf.org>
Bernard,
Here is the WiMAX VSA definition (the payload of a RADIUS Type 26
attribute). As you can see it aligns with the earlier proposal. The
fragmentation concept is used but the tag concept is not used but is
reserved.=20
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| WiMAX Type | Length | Continuation | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Continuation Field is defined as follows:
0
0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+
|C|r|r|r|r|r|r|r|
+-+-+-+-+-+-+-+-+
The C-bit of the continuation field indicates if a WiMAX attribute is
being fragmented.
When the C-bit is set to one '1' this indicates that the attribute is
being fragmented that is
the next WiMAX VSA of the same WiMAX type is to be appended to this
attribute.
When the C-bit is set to zero '0' this indicates that the next attribute
is not a fragment of
this attribute.
A WiMAX attribute that is not being fragmented will have the C-bit set
to '0'. A WiMAX
attribute that is being fragmented will have its C-bit set to '1' for
all fragments until the last
fragment which will have its C-bit set to '0' indicating it's the last
fragment of the attribute.
The r-bits are reserved for future use. They SHALL be set to zero by the
sender and
SHALL be ignored by the receiver.
=20
> -----Original Message-----
> From: Bernard Aboba [mailto:bernard_aboba@hotmail.com]=20
> Sent: Wednesday, January 09, 2008 3:11 AM
> To: Avi Lior; David B. Nelson; radiusext@ops.ietf.org
> Subject: RE: Questions on modified Extended Attribute format?
>=20
>=20
> Avi --
>=20
> Is it correct to say that the current proposal is compatible=20
> with WiMAX VSAs?=20
>=20
> For example, is there no tag part in the WiMAX VSAs, or is it=20
> just not used in any existing VSAs?=20
> ----------------------------------------
> > Subject: RE: Questions on modified Extended Attribute format?
> > Date: Tue, 8 Jan 2008 22:17:22 -0500
> > From: avi@bridgewatersystems.com
> > To: d.b.nelson@comcast.net; radiusext@ops.ietf.org
> >=20
> > WiMAX did try to align at one time. But things have changed.
> >=20
> > And to get WiMAX to align again with the IETF would be hard=20
> now. We=20
> > would need a good reason to change given that we have=20
> implementation.
> > But not impossible since lots of things are changing.
> >=20
> > But to be 100 clear, the WiMAX encoding is WiMAX's encoding and not=20
> > IETF. While compatiblity is desirable it is not required=20
> at this stage.
> >=20
> > It would have been nice if the IETF addressed the issues -- much --=20
> > earlier.
> >=20
> > Note in WiMAX we use the M bit but dont use the tag part.=20
> >=20
> >> -----Original Message-----
> >> From: owner-radiusext@ops.ietf.org
> >> [mailto:owner-radiusext@ops.ietf.org] On Behalf Of David B. Nelson
> >> Sent: Wednesday, December 26, 2007 9:59 PM
> >> To: radiusext@ops.ietf.org
> >> Subject: RE: Questions on modified Extended Attribute format?
> >>=20
> >> Bernard Aboba writes...
> >> =20
> >>>> WiMAX uses the same attribute format as proposed here. Changes=20
> >>>> that are incompatible with WiMAX should be discouraged.
> >>>=20
> >>> I would agree. If the extensions remain compatible with=20
> WiMAX then
> >>> the amount of code duplication will be minimized.
> >>=20
> >> I'm not so sure that I agree. We should do what's right for the=20
> >> RADIUS community. If that happens to be compatible with=20
> WiMAX, then=20
> >> great.
> >>=20
> >>=20
> >>=20
> >> --
> >> to unsubscribe send a message to
> >> radiusext-request@ops.ietf.org with the word 'unsubscribe' in a=20
> >> single line as the message text body.
> >> archive:=20
> >>=20
> >=20
> > --
> > to unsubscribe send a message to=20
> radiusext-request@ops.ietf.org with=20
> > the word 'unsubscribe' in a single line as the message text body.
> > archive:=20
>=20
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Wed, 09 Jan 2008 09:56:10 +0000
Message-ID: <4784999F.9060803@deployingradius.com>
Date: Wed, 09 Jan 2008 10:53:35 +0100
From: Alan DeKok <aland@deployingradius.com>
User-Agent: Thunderbird 2.0.0.6 (X11/20071022)
MIME-Version: 1.0
To: Bernard Aboba <bernard_aboba@hotmail.com>
CC: Hannes Tschofenig <hannes.tschofenig@gmx.net>, barney@databus.com, hokey@ietf.org, radiusext@ops.ietf.org
Subject: Re: [HOKEY] a transparent proposal
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Bernard Aboba wrote:
>> It is up to that domain to ensure all of it's AAA servers have the
>> same policy. This includes managing state for multiple login detection,
>> and potentially re-auth keys.
>
> Doesn't this imply a significant degree of complexity? For example,
> one argument for the RFC 4507 PAC is that avoiding server-side state
> enables better scaling and authentication performance, because RADIUS
> servers don't replicate TLS key state.
The re-authentication credentials aren't TLS key state, though. From
the current proposals, they're just opaque keys. They may be
*generated* from TLS key state, but once generated, they can be cached
by intermediate servers.
> It's hard to reconcile that
> argument with the idea of having the domain keeping track of server side
> state.
Some server somewhere has to keep track of the re-authentication
credentials.
Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Wed, 09 Jan 2008 08:19:03 +0000
Message-ID: <BAY117-W14C882A2BB15DAF8804E2793490@phx.gbl>
From: Bernard Aboba <bernard_aboba@hotmail.com>
To: Alan DeKok <aland@deployingradius.com>
CC: Hannes Tschofenig <hannes.tschofenig@gmx.net>, <barney@databus.com>, <hokey@ietf.org>, <radiusext@ops.ietf.org>
Subject: RE: [HOKEY] a transparent proposal
Date: Wed, 9 Jan 2008 00:17:55 -0800
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
> It is up to that domain to ensure all of it's AAA servers have the
> same policy. This includes managing state for multiple login detection,
> and potentially re-auth keys.
Doesn't this imply a significant degree of complexity? For example, one ar=
gument for the RFC 4507 PAC is that avoiding server-side state enables bett=
er scaling and authentication performance, because RADIUS servers don't rep=
licate TLS key state. It's hard to reconcile that argument with the idea o=
f having the domain keeping track of server side state.=20
If there is a way to push that state on the peer, things would be much simp=
ler. For example, if the ERX exchange were to leave the peer with an NAI i=
dentifying the "local server" and corresponding key state, then the peer co=
uld use that "re-auth" NAI in subsequent requests.=20
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Wed, 09 Jan 2008 08:11:25 +0000
Message-ID: <BAY117-W2549C96B114FAF11F1F94B93490@phx.gbl>
From: Bernard Aboba <bernard_aboba@hotmail.com>
To: Avi Lior <avi@bridgewatersystems.com>, "David B. Nelson" <d.b.nelson@comcast.net>, <radiusext@ops.ietf.org>
Subject: RE: Questions on modified Extended Attribute format?
Date: Wed, 9 Jan 2008 00:11:00 -0800
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Avi --
Is it correct to say that the current proposal is compatible with WiMAX VSA=
s?=20
For example, is there no tag part in the WiMAX VSAs, or is it just not used=
in any existing VSAs?=20
----------------------------------------
> Subject: RE: Questions on modified Extended Attribute format?
> Date: Tue, 8 Jan 2008 22:17:22 -0500
> From: avi@bridgewatersystems.com
> To: d.b.nelson@comcast.net; radiusext@ops.ietf.org
>=20
> WiMAX did try to align at one time. But things have changed.
>=20
> And to get WiMAX to align again with the IETF would be hard now. We
> would need a good reason to change given that we have implementation.
> But not impossible since lots of things are changing.
>=20
> But to be 100 clear, the WiMAX encoding is WiMAX's encoding and not
> IETF. While compatiblity is desirable it is not required at this stage.
>=20
> It would have been nice if the IETF addressed the issues -- much --
> earlier. =20
>=20
> Note in WiMAX we use the M bit but dont use the tag part.=20
>=20
>> -----Original Message-----
>> From: owner-radiusext@ops.ietf.org=20
>> [mailto:owner-radiusext@ops.ietf.org] On Behalf Of David B. Nelson
>> Sent: Wednesday, December 26, 2007 9:59 PM
>> To: radiusext@ops.ietf.org
>> Subject: RE: Questions on modified Extended Attribute format?
>>=20
>> Bernard Aboba writes...
>> =20
>>>> WiMAX uses the same attribute format as proposed here. Changes=20
>>>> that are incompatible with WiMAX should be discouraged.
>>>=20
>>> I would agree. If the extensions remain compatible with WiMAX then
>>> the amount of code duplication will be minimized.
>>=20
>> I'm not so sure that I agree. We should do what's right for=20
>> the RADIUS community. If that happens to be compatible with=20
>> WiMAX, then great.
>>=20
>>=20
>>=20
>> --
>> to unsubscribe send a message to=20
>> radiusext-request@ops.ietf.org with the word 'unsubscribe' in=20
>> a single line as the message text body.
>> archive:=20
>>=20
>=20
> --
> to unsubscribe send a message to radiusext-request@ops.ietf.org with
> the word 'unsubscribe' in a single line as the message text body.
> archive:=20
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Wed, 09 Jan 2008 07:29:00 +0000
Message-ID: <4784773C.4020404@deployingradius.com>
Date: Wed, 09 Jan 2008 08:26:52 +0100
From: Alan DeKok <aland@deployingradius.com>
User-Agent: Thunderbird 2.0.0.6 (X11/20071022)
MIME-Version: 1.0
To: Bernard Aboba <bernard_aboba@hotmail.com>
CC: Hannes Tschofenig <hannes.tschofenig@gmx.net>, barney@databus.com, hokey@ietf.org, radiusext@ops.ietf.org
Subject: Re: [HOKEY] a transparent proposal
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Bernard Aboba wrote:
> However, the routing requirements for the ERX application are different
> from those in normal AAA exchanges, because here key state (unlike the
> AAA credentials database) is not replicated. That means that messages
> can't just be routed based on a "Domain Identifier" -- they actually
> have to be addressed to specific servers, since only those servers will
> hold the required key state.
Yes and no. The NAI could be decorated with a re-auth request, e.q.
"user@example.com@REAUTH". Existing servers not implementing re-auth
could be configured to strip/ignore "@REAUTH", and forward the request
as normal.
Servers implementing re-auth could forward the request to a
re-authentication server. The key data obtained on initial login could
also be forwarded to that same re-authentication server. Nobody else
needs to know or care where those servers are located.
Of course, this only works for re-authentication within one domain.
If the user tries to re-authenticate to a different domain, then the
request has to be forwarded back up the proxy chain to another server
which has cached those credentials, or which can authenticate the user
from scratch.
> For example, a "session resume NAI" could identify the specific EAP
> Session-Id that is being resumed, as well as the realm in which that key
> resides. However, an NAI including only the realm will not necessarily
> be routed to the server or proxy that holds the key state, because AAA
> deployments often point the authenticators at different AAA servers or
> proxies for load balancing purposes. To ensure that the request goes
> to the right place, the specific server name needs to be provided within
> the NAI.
It is up to that domain to ensure all of it's AAA servers have the
same policy. This includes managing state for multiple login detection,
and potentially re-auth keys.
Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Wed, 09 Jan 2008 07:23:00 +0000
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: Questions on modified Extended Attribute format?
Date: Tue, 8 Jan 2008 23:21:15 -0800
Message-ID: <ACF43FD466CF5B4FB63C345423C84D715B009D@wv-mailsrv2.strixsystems.com>
Thread-Topic: Questions on modified Extended Attribute format?
Thread-Index: AchSbuRMMM3Ce/qKQP+07RROHM0WOwAIIl3A
From: "Matt Holdrege" <Matt.Holdrege@strixsystems.com>
To: "Avi Lior" <avi@bridgewatersystems.com>, "David B. Nelson" <d.b.nelson@comcast.net>, <radiusext@ops.ietf.org>
While I completely understand the disappointment with the IETF RADIUS
development process I don't think that it is a good idea to give up on
alignment. Alignment is a VERY serious issue given that mixed 802.11 and
802.16 networks will be the norm for many, many years to come.=20
And although there are a few WiMax implementations out now, 802.16e in a
real sense still hasn't started yet so I don't see any serious problem
with making changes.=20
-Matt
-----Original Message-----
From: owner-radiusext@ops.ietf.org [mailto:owner-radiusext@ops.ietf.org]
On Behalf Of Avi Lior
Sent: Wednesday, January 09, 2008 4:17 AM
To: David B. Nelson; radiusext@ops.ietf.org
Subject: RE: Questions on modified Extended Attribute format?
WiMAX did try to align at one time. But things have changed.
And to get WiMAX to align again with the IETF would be hard now. We
would need a good reason to change given that we have implementation.
But not impossible since lots of things are changing.
But to be 100 clear, the WiMAX encoding is WiMAX's encoding and not
IETF. While compatiblity is desirable it is not required at this stage.
It would have been nice if the IETF addressed the issues -- much --
earlier. =20
Note in WiMAX we use the M bit but dont use the tag part.=20
> -----Original Message-----
> From: owner-radiusext@ops.ietf.org=20
> [mailto:owner-radiusext@ops.ietf.org] On Behalf Of David B. Nelson
> Sent: Wednesday, December 26, 2007 9:59 PM
> To: radiusext@ops.ietf.org
> Subject: RE: Questions on modified Extended Attribute format?
>=20
> Bernard Aboba writes...
> =20
> > > WiMAX uses the same attribute format as proposed here. Changes=20
> > > that are incompatible with WiMAX should be discouraged.
> >=20
> > I would agree. If the extensions remain compatible with WiMAX then
> > the amount of code duplication will be minimized.
>=20
> I'm not so sure that I agree. We should do what's right for=20
> the RADIUS community. If that happens to be compatible with=20
> WiMAX, then great.
>=20
>=20
>=20
> --
> to unsubscribe send a message to=20
> radiusext-request@ops.ietf.org with the word 'unsubscribe' in=20
> a single line as the message text body.
> archive: <http://psg.com/lists/radiusext/>
>=20
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Wed, 09 Jan 2008 07:18:02 +0000
Message-ID: <4784743D.4030308@nitros9.org>
Date: Wed, 09 Jan 2008 08:14:05 +0100
From: Alan DeKok <aland@nitros9.org>
User-Agent: Thunderbird 2.0.0.6 (X11/20071022)
MIME-Version: 1.0
To: Avi Lior <avi@bridgewatersystems.com>
CC: "Romascanu, Dan (Dan)" <dromasca@avaya.com>, Glen Zorn <glenzorn@comcast.net>, radiusext@ops.ietf.org
Subject: Re: Questions on modified Extended Attribute format?
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Avi Lior wrote:
> I dont understand Alan's comment. The NAS-IP that appears in the RADIUS
> message is semantically different then the NAS-IP attribute that is
> going to be grouped. The semantics for the former case is defined by
> RFC2865 and the semantics of the later case would be defined by a new
> RFC.
The traditional RADIUS data model has involved defining new attributes
for new semantics, even if the contents are commonly understood items
like IP addresses.
> This is no different in Diameter. An attribute can appear standalone
> and also be included in a group (for that matter, in many groups). The
> definition of the attribute is the same in both cases, but the semantics
> is different right?
Diameter implementations are more flexible and capable about AVP's
than RADIUS implementations. This is solely because the Diameter AVP
format is more flexible and capable than the RADIUS AVP format.
If we agree to use the Diameter format for extended attributes, then
we would obtain all of the benefits of that format for new attributes.
And that format is more flexible and capable than the current proposal
in the extended attributes draft.
Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Wed, 09 Jan 2008 05:15:58 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: Questions on modified Extended Attribute format?
Date: Wed, 9 Jan 2008 00:15:12 -0500
Message-ID: <E7CCE8A83907104ABEE91AC3AE3709A011B1AF7A@exchange.bridgewatersys.com>
From: "Avi Lior" <avi@bridgewatersystems.com>
To: "Romascanu, Dan (Dan)" <dromasca@avaya.com>, "Glen Zorn" <glenzorn@comcast.net>, "Alan DeKok" <aland@nitros9.org>
Cc: <radiusext@ops.ietf.org>
Regarding allowing legacy attributes to be grouped within the extended
attribute.
Lets look at it from a practical perspective. If I am writing a new
"Application" which will use grouping and I need to encode the IP
address of the NAS.
In Glen's proposal I would reuse the existing attribute NAS-IP vs. what
others are saying I would have to create a new attribute called
New-NAS-IP and include that in the grouped attribute.
Glen's approach *seems* more appropriate no?
I dont understand Alan's comment. The NAS-IP that appears in the RADIUS
message is semantically different then the NAS-IP attribute that is
going to be grouped. The semantics for the former case is defined by
RFC2865 and the semantics of the later case would be defined by a new
RFC.
This is no different in Diameter. An attribute can appear standalone
and also be included in a group (for that matter, in many groups). The
definition of the attribute is the same in both cases, but the semantics
is different right?
So what am I missing?
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Wed, 09 Jan 2008 03:18:54 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: Questions on modified Extended Attribute format?
Date: Tue, 8 Jan 2008 22:17:22 -0500
Message-ID: <E7CCE8A83907104ABEE91AC3AE3709A011B1AF73@exchange.bridgewatersys.com>
From: "Avi Lior" <avi@bridgewatersystems.com>
To: "David B. Nelson" <d.b.nelson@comcast.net>, <radiusext@ops.ietf.org>
WiMAX did try to align at one time. But things have changed.
And to get WiMAX to align again with the IETF would be hard now. We
would need a good reason to change given that we have implementation.
But not impossible since lots of things are changing.
But to be 100 clear, the WiMAX encoding is WiMAX's encoding and not
IETF. While compatiblity is desirable it is not required at this stage.
It would have been nice if the IETF addressed the issues -- much --
earlier. =20
Note in WiMAX we use the M bit but dont use the tag part.=20
> -----Original Message-----
> From: owner-radiusext@ops.ietf.org=20
> [mailto:owner-radiusext@ops.ietf.org] On Behalf Of David B. Nelson
> Sent: Wednesday, December 26, 2007 9:59 PM
> To: radiusext@ops.ietf.org
> Subject: RE: Questions on modified Extended Attribute format?
>=20
> Bernard Aboba writes...
> =20
> > > WiMAX uses the same attribute format as proposed here. Changes=20
> > > that are incompatible with WiMAX should be discouraged.
> >=20
> > I would agree. If the extensions remain compatible with WiMAX then
> > the amount of code duplication will be minimized.
>=20
> I'm not so sure that I agree. We should do what's right for=20
> the RADIUS community. If that happens to be compatible with=20
> WiMAX, then great.
>=20
>=20
>=20
> --
> to unsubscribe send a message to=20
> radiusext-request@ops.ietf.org with the word 'unsubscribe' in=20
> a single line as the message text body.
> archive: <http://psg.com/lists/radiusext/>
>=20
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Tue, 08 Jan 2008 17:13:28 +0000
Message-ID: <BAY117-W16A0C879B69F87E93309C793480@phx.gbl>
Content-Type: multipart/alternative; boundary="_4d73e889-c166-455e-8220-6afb77834fd1_"
From: Bernard Aboba <bernard_aboba@hotmail.com>
To: <radiusext@ops.ietf.org>
Subject: RE: Questions on modified Extended Attribute format?
Date: Tue, 8 Jan 2008 09:13:00 -0800
MIME-Version: 1.0
--_4d73e889-c166-455e-8220-6afb77834fd1_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
> We've been having this argument for too long. We need to stop NOW,
> pick a format, and move on. The endless re-visiting of attribute format
> is holding up other key work.
This discussion does need to stop. =20
The RADEXT WG has already discussed this issue extensively, and come to
consensus. Re-design of the RADIUS attribute format (as originally advocat=
ed
in the "Design Guidelines" document) was discussed and rejected.
"Diameter in RADIUS" proposals were discussed and rejected.=20
The consensus of the WG has been to extend the RADIUS attribute format in
backward compatible manner, and that is a requirement in the RADEXT WG
charter.
Since other IETF documents have a dependency on attribute extension, we nee=
d to
get on with it.=20
Perhaps the quickest way to do that is to bring the document to WG last=20
call, and focus on addressing the last call comments from this point forwar=
d.
--_4d73e889-c166-455e-8220-6afb77834fd1_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<style>
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
FONT-SIZE: 10pt;
FONT-FAMILY:Tahoma
}
</style>
</head>
<body class=3D'hmmessage'>
> We've been having this argument for too long. We need to stop NOW,<=
br>> pick a format, and move on. The endless re-visiting of attribute f=
ormat<br>> is holding up other key work.<br><br>This discussion does nee=
d to stop. <br><br>The RADEXT WG has already discussed this issue ext=
ensively, and come to<br>consensus. Re-design of the RADIUS attribute=
format (as originally advocated<br>in the "Design Guidelines" document) wa=
s discussed and rejected.<br>"Diameter in RADIUS" proposals were discussed =
and rejected. <br>The consensus of the WG has been to extend the RADIUS att=
ribute format in<br>backward compatible manner, and that is a requirement i=
n the RADEXT WG<br>charter.<br><br>Since other IETF documents have a depend=
ency on attribute extension, we need to<br>get on with it. <br><br>Perhaps =
the quickest way to do that is to bring the document to WG last <br>call, a=
nd focus on addressing the last call comments from this point forward.<br><=
br><br></body>
</html>=
--_4d73e889-c166-455e-8220-6afb77834fd1_--
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Tue, 08 Jan 2008 09:24:56 +0000
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: Questions on modified Extended Attribute format?
Date: Tue, 8 Jan 2008 10:23:40 +0100
Message-ID: <EDC652A26FB23C4EB6384A4584434A047BF686@307622ANEX5.global.avaya.com>
Thread-Topic: Questions on modified Extended Attribute format?
Thread-Index: AchNvxvE95gozpjSQoKAVguApoAI+AAZAbTwAO0zArA=
From: "Romascanu, Dan (Dan)" <dromasca@avaya.com>
To: "Glen Zorn" <glenzorn@comcast.net>, "Alan DeKok" <aland@nitros9.org>
Cc: <radiusext@ops.ietf.org>
=20
=20
> -----Original Message-----
> From: owner-radiusext@ops.ietf.org=20
> [mailto:owner-radiusext@ops.ietf.org] On Behalf Of Glen Zorn
> Sent: Tuesday, January 08, 2008 8:45 AM
> To: 'Alan DeKok'
> Cc: radiusext@ops.ietf.org
> Subject: RE: Questions on modified Extended Attribute format?
>=20
> Glen Zorn wrote:
>=20
> > As I said, put that way or any other way you like, ANY change is=20
> > incompatible with existing deployments. If one were to add a new
> "standard"
> > attribute (in the old format or the proposed VSA-like format or any=20
> > other) it would be incompatible with existing deployments.
>=20
> That isn't the point. Everyone accepts that=20
> implementations have to be updated to handle new standards. =20
> One of the major efforts in RADIUS has been to maintain=20
> backwards compatibility with existing deployments.
> [gwz]
> You keep saying that but I really don't know where you get=20
> this funny idea.
> [/gwz]
>=20
The current RADEXT charter is quite explicit about the requirements for
backwards compatibility.=20
- All RADIUS work MUST be backward compatible with existing RADIUS=20
RFCs,
including RFCs 2618-2621, 2865-2869, 3162, 3575, 3576, 3579, and 3580.
Dan
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Tue, 08 Jan 2008 08:35:19 +0000
Message-ID: <478334FB.6080208@nitros9.org>
Date: Tue, 08 Jan 2008 09:31:55 +0100
From: Alan DeKok <aland@nitros9.org>
User-Agent: Thunderbird 2.0.0.6 (X11/20071022)
MIME-Version: 1.0
To: Glen Zorn <glenzorn@comcast.net>
CC: radiusext@ops.ietf.org
Subject: Re: Questions on modified Extended Attribute format?
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Glen Zorn wrote:
> You keep saying that but I really don't know where you get this funny idea.
New extensions cannot break existing deployments.
This is NOT the same as saying new extensions require new code for
implementations to support those extensions.
>> [ re: packing standard attributes inside of extended ]
> Only if the authentication method in use is EAP, I think. RFC 2865 doesn't
> list any attributes as required in any type of response; if your client
> fails because it can't find any attributes in the packet, your client is
> broken.
The client will reject the user, or will apply the wrong policy (i.e.
default "empty response" policy, rather than the policy in the
response). Please explain to the user and administrator that the users
are being rejected because of a new feature in RADIUS, and that this is
a Good Thing.
> Really? Tell me what happens when a NAS receives, say, a tunnel attribute
> that it doesn't understand; then tell me how that is different from the
> introduction of _any_ new standard attribute and how it constitutes
> "communication".
The issue is NOT introduction of a new standard attribute. The issue
is encapsulating standard attributes that the client DOES understand in
a VSA that the client DOES NOT understand.
> Care to expand upon that a bit?
If you're going to increase the attribute space, AND support long
attributes, you might as well give up and use the Diameter AVP format.
Your proposal involves:
VSA header: 2 bytes (type, length)
Vendor-Id of zero: 4 bytes
Extended attribute header: 3 bytes (16 bit type + length)
"continuation" flag: 1 byte
For a total of 10 bytes of header for one attribute.
The "Diameter AVP in RADIUS" involves:
new attribute header: 2 bytes
Diamater header: 8 bytes (4 byte type + 4 byte length)
For a total of 10 bytes. Plus, conversion to Diameter in Diameter to
RADIUS gateways is easy. We can get arbitrary grouping via the Diameter
method. We can have attributes as long as we want. AND the coding is
much, much, easier.
I implemented the Diameter format as a test a while ago, and it was
~400 LoC, in part because it could leverage the existing code base of
Diameter encapsulation/decapsulation. I've been looking at the extended
attribute format. It doesn't leverage any existing code. It has an
awkward "continuation" byte, which means it can't use any of the
pre-existing VSA handlers, etc.
This proposal offers LESS than the "Diameter AVP in RADIUS" does, at
the cost of MORE work.
We've been having this argument for too long. We need to stop NOW,
pick a format, and move on. The endless re-visiting of attribute format
is holding up other key work.
Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Tue, 08 Jan 2008 06:56:12 +0000
From: "Glen Zorn" <glenzorn@comcast.net>
To: "'Bernard Aboba'" <bernard_aboba@hotmail.com>
Cc: <radiusext@ops.ietf.org>
Subject: RE: Questions on modified Extended Attribute format?
Date: Mon, 7 Jan 2008 22:55:35 -0800
Message-ID: <004501c851c3$78f89a10$6ae9ce30$@net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0046_01C85180.6AD55A10"
Thread-Index: AchN5trgZzyCwneHS9W+QM1y+/JgmwCEtMHA
Content-Language: en-us
This is a multipart message in MIME format.
------=_NextPart_000_0046_01C85180.6AD55A10
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: 7bit
> This proposal breaks that completely. It will be perfectly legal for
> implementations of your proposal to put ALL RADIUS attributes as
> grouped, inside of an "extended attribute". Any NAS that receives such
> a response will get a packet containing *nothing* but VSA's. It will
> then decide that there is nothing in the packet that it recognizes, and
> will fail.
>
> i.e. your proposal creates a new protocol that is incompatible with
> legacy RADIUS.
Presumbably new attributes using the extended format will define
whether they can be grouped or not, and if so, what the grouping
means.
But what about legacy attributes? For example, what would it mean for a
NAS-Identifier attribute to be grouped with say, a Tunnel-Password
attribute? Presumably, this document would not define the semantics
of grouping for legacy attributes, which begs the question of where,
if anywhere, that semantic would be specified.
[gwz]
Presumably, the implementors would be interested in actually accomplishing
something & not merely playing word games & landing red herrings. They also
might not ignore the second word in the phrase "group related attributes"
which occurs at least 6 times in the draft. Are NAS-Identifier &
Tunnel-Password related attributes? If so, and someone wanted to group them
together, that could be documented.
[/gwz]
Unless that semantic is specified somewhere (and I doubt it would be
specified anywhere for a substantial period of time), then the semantics
of grouping of legacy attributes is likely to be "implementation specific".
[gwz]
Why is it necessary to specify the semantics of every possible combination
of RADIUS attributes? Obviously, it's not; all that is required is to
define those groups that are useful, which in any reasonable process could
be done as the utility of those groupings became apparent.
[/gwz]
So not only would the "new" RADIUS not be backward compatible with
the old one -- it wouldn't even have a public specification.
------=_NextPart_000_0046_01C85180.6AD55A10
Content-Type: text/html;
charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns=3D"http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3DEN-US link=3Dblue vlink=3Dpurple>
<div class=3DSection1>
<p class=3DMsoNormal><span =
style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif"'>>
This proposal breaks that completely. It will be perfectly legal for<br>
> implementations of your proposal to put ALL RADIUS attributes =
as<br>
> grouped, inside of an "extended attribute". Any NAS that =
receives
such<br>
> a response will get a packet containing *nothing* but VSA's. It =
will<br>
> then decide that there is nothing in the packet that it recognizes, =
and<br>
> will fail.<br>
><br>
> i.e. your proposal creates a new protocol that is incompatible =
with<br>
> legacy RADIUS.<br>
<br>
Presumbably new attributes using the extended format will define <br>
whether they can be grouped or not, and if so, what the grouping<br>
means. <br>
<br>
But what about legacy attributes? For example, what would it mean =
for a <br>
NAS-Identifier attribute to be grouped with say, a Tunnel-Password<br>
attribute? Presumably, this document would not define the =
semantics<br>
of grouping for legacy attributes, which begs the question of where,<br>
if anywhere, that semantic would be specified. <span =
style=3D'color:#1F497D'><o:p></o:p></span></span></p>
<p class=3DMsoNormal><b><i><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>[gwz]<o:p></o:p></span></i></b></p>
<p class=3DMsoNormal><b><i><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'> Presumably, the implementors would be interested in
actually accomplishing something & not merely playing word games =
&
landing red herrings. They also might not ignore the second word =
in the phrase
"group related attributes" which occurs at least 6 times in =
the
draft. Are NAS-Identifier & Tunnel-Password =
</span></i></b><b><span
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497=
D'>related<i>
attributes? If so, and someone wanted to group them together, that =
could
be documented.<o:p></o:p></i></span></b></p>
<p class=3DMsoNormal><b><i><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>[/gwz]<o:p></o:p></span></i></b></p>
<p class=3DMsoNormal><span =
style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif"'><br>
<br>
Unless that semantic is specified somewhere (and I doubt it would be<br>
specified anywhere for a substantial period of time), then the =
semantics<br>
of grouping of legacy attributes is likely to be "implementation
specific". <o:p></o:p></span></p>
<p class=3DMsoNormal><b><i><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>[gwz]<o:p></o:p></span></i></b></p>
<p class=3DMsoNormal><b><i><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Why is it necessary to specify the semantics of every =
possible
combination of RADIUS attributes? Obviously, it's not; all that is
required is to define those groups that are useful, which in any =
reasonable
process could be done as the utility of those groupings became =
apparent.<br>
[/gwz]<o:p></o:p></span></i></b></p>
<p class=3DMsoNormal><span =
style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif"'><br>
So not only would the "new" RADIUS not be backward compatible =
with<br>
the old one -- it wouldn't even have a public specification. =
<o:p></o:p></span></p>
</div>
</body>
</html>
------=_NextPart_000_0046_01C85180.6AD55A10--
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Tue, 08 Jan 2008 06:46:14 +0000
From: "Glen Zorn" <glenzorn@comcast.net>
To: "'Alan DeKok'" <aland@nitros9.org>
Cc: <radiusext@ops.ietf.org>
Subject: RE: Questions on modified Extended Attribute format?
Date: Mon, 7 Jan 2008 22:44:53 -0800
Message-ID: <003e01c851c1$fad525f0$f07f71d0$@net>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Thread-Index: AchNvxvE95gozpjSQoKAVguApoAI+AAZAbTw
Content-Language: en-us
Glen Zorn wrote:
> As I said, put that way or any other way you like, ANY change is
> incompatible with existing deployments. If one were to add a new
"standard"
> attribute (in the old format or the proposed VSA-like format or any other)
> it would be incompatible with existing deployments.
That isn't the point. Everyone accepts that implementations have to
be updated to handle new standards. One of the major efforts in RADIUS
has been to maintain backwards compatibility with existing deployments.
[gwz]
You keep saying that but I really don't know where you get this funny idea.
[/gwz]
i.e. if a product doesn't implement the new standard, it can still
communicate with products that do implement that standard.
[gwz]
This proposal breaks that completely. It will be perfectly legal for
implementations of your proposal to put ALL RADIUS attributes as
grouped, inside of an "extended attribute". Any NAS that receives such
a response will get a packet containing *nothing* but VSA's. It will
then decide that there is nothing in the packet that it recognizes, and
will fail.
[gwz]
Only if the authentication method in use is EAP, I think. RFC 2865 doesn't
list any attributes as required in any type of response; if your client
fails because it can't find any attributes in the packet, your client is
broken. Of course, if the aim is to maintain backwards compatibility with
existing _deployments_ (rather than the existing _protocol_) we need to
support broken clients, right?
[/gwz]
i.e. your proposal creates a new protocol that is incompatible with
legacy RADIUS.
[gwz]
Really? Tell me what happens when a NAS receives, say, a tunnel attribute
that it doesn't understand; then tell me how that is different from the
introduction of _any_ new standard attribute and how it constitutes
"communication".
[/gwz]
> Actually, while the timeframe was long, the discussion wasn't: I've only
> received a couple of comments on it in the last months. It _did_ take an
> inordinate amount of time to reject the 'Diameterization' of RADIUS,
> though...
This proposal is no better. It's worse in many respects.
[gwz]
Care to expand upon that a bit?
[/gwz]
Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Tue, 08 Jan 2008 02:07:38 +0000
Message-ID: <4604.69.12.173.8.1199757980.squirrel@www.trepanning.net>
Date: Mon, 7 Jan 2008 18:06:20 -0800 (PST)
Subject: a review of draft-gaonkar-radext-erp-attrs-02.txt
From: "Dan Harkins" <dharkins@lounge.org>
To: hokey@ietf.org
Cc: radiusext@ops.ietf.org
User-Agent: SquirrelMail/1.4.8
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Hello,
I took a look at draft-gaonkar-radext-erp-attrs-02.txt and have
a few suggestions.
First of all I suggest the Security Considerations be expanded
considerably. RFC4962 provides guidance to AAA key management protocols
and I would consider the key request/response from this draft to fall
into that category. This RFC lists mandatory requirements that acceptable
key management solutions MUST comply with and provides recommendations
that acceptable key management solutions SHOULD comply with. It is my
understanding that certain of these requirements and recommendations
cannot be supported by this draft and those should be explicitly spelled
out in the Security Considerations with text explaining why RFC4962 is
not being adhered to.
For instance:
- Prevent the Domino Effect
The requirement is that compromise of a single entity (with the
obvious exception of the root of a key hierarchy, e.g. the holder
of the EMSK) will not affect keys held by other entities. This
is not possible when proxies are involved.
The RFC also states in the section on preventing the Domino Effect:
"There are many implications of this requirement; however, two
implications deserve highlighting. First, the scope of the keying
material must be defined and understood by all parties that
communicate with a party that holds that keying material. Second,
a party that holds keying material in a key hierarchy must not share
that keying material with parties that are associated with other
branches in the key hierarchy."
When proxies are involved I am not sure how the scope of the keying
material can be defined and understood by all parties when knowledge
of whether a proxy exists may not even be available to the other
parties, for instance the peer. Also, when proxies are involved how
are they going to be bypassed such that knowledge of multiple branches
of a single key hierarchy will not be provided to a given proxy? I
don't believe it's possible and the draft must address this.
- Bind Key to Its Context
The context bound to a key MUST include: "[t]he other parties that
are expected to have access to the keying material." It is not clear
how this can be adhered to when proxies are involved.
It goes on to state: "In addition, the protocol MUST ensure that all
parties with legitimate access to keying material have the same
context for the keying material. This requires that the parties are
properly identified and authenticated, so that all of the parties
that have access to the keying material can be determined." Again,
it is not clear from the draft how all proxies (or even the existance
of a single proxy) can be determined such that they can be identified.
If it is not possible then the draft has to explain this.
The Security Considerations has to explain the implications of sharing
keys like this, how proxies affect the security of a system implementing
this draft, and why mandatory requirements of an applicable RFC are not
being followed.
My second suggestion is that the "key name" field be made variable.
Based on reading of related drafts it is apparent that SHA-256 is being
used to generate a unique string based on some key label and other cruft
and that output is being truncated to 8 bytes, hence the field is 8 bytes.
(The motivation for using such a strong mixing function only to throw
away most of the result should be mentioned _somewhere_!) But as long as
189 other possible key names it seems shortsighted to believe that everyone
else will generate 8 byte key names. For instance, RADEXT is considering
a keywrap draft that allots 20 bytes to key names. 802.11r is generating
key names that are 16 bytes. I'm not saying that this draft will be used
to request 802.11r keys but merely pointing out that there is no standard
size for a "key name" and it would be prudent to not fix one here,
especially one that is on the small end of the scale.
My last comment concerns IPsec. A RADIUS client and RADIUS server cannot
know whether the data they send down to the IP layer is going to end up
being protected or not. I think that if a key is being sent by some
entity then that entity has to ensure it is being protected adequately
and to know that the entity has to protect the key itself. Either (D)TLS
should be specified or a key-wrapping scheme, preferably based on the SIV
mode of AES, be specified. Please do not mandate the use of IPsec with
RADIUS.
regards,
Dan.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Mon, 07 Jan 2008 23:31:38 +0000
DomainKey-Signature: s=qcdkim; d=qualcomm.com; c=nofws; q=dns; h=X-IronPort-AV:Received:Received:Received:Received: X-MimeOLE:Content-class:MIME-Version:Content-Type: Content-Transfer-Encoding:Subject:Date:Message-ID: In-Reply-To:X-MS-Has-Attach:X-MS-TNEF-Correlator: Thread-Topic:Thread-Index:References:From:To:Cc: X-OriginalArrivalTime; b=e8HJLA0uek3K3jaYeecsXQBL5VGCMLERUmx7puBtBxy5pWi9kbLjO6HE Qh9/O5uPS3hNE4fWBZT3fLt5GXRifwQrDETKbLWSMjVS+aQ/RwqFgTsrq DxNZmdkXb4XxwidfN2SzG/z81r7/UqePqYoCg5BLbNqWvhApD8DfvlkEO w=;
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [HOKEY] a transparent proposal
Date: Mon, 7 Jan 2008 15:30:26 -0800
Message-ID: <C24CB51D5AA800449982D9BCB9032513C228F1@NAEX13.na.qualcomm.com>
Thread-Topic: [HOKEY] a transparent proposal
Thread-Index: AchRgdy2fZS/I5GFSD6EuKD8ye8sNwAAZUvw
From: "Narayanan, Vidya" <vidyan@qualcomm.com>
To: "Barney Wolff" <barney@databus.com>, "Hannes Tschofenig" <Hannes.Tschofenig@gmx.net>
Cc: <radiusext@ops.ietf.org>, <hokey@ietf.org>
Hi Barney, all,
An approach with unmodified authenticators was already considered and
rejected by the working group soon after its first meeting as a WG.
That was one of the very first points that was debated and the choice of
a single roundtrip protocol was made consciously, given that several
methods can already offer method-specific reauthentication in 2.5
roundtrips, which is the best the protocol can do with unmodified
authenticators. =20
These discussions can be found by digging through the archives and also
in the meeting minutes of the interim meeting from last year. At this
stage, I'd like to see us make forward progress rather than revisit
topics that have been debated and put to rest a long time ago.=20
Regards,
Vidya=20
> -----Original Message-----
> From: Barney Wolff [mailto:barney@databus.com]=20
> Sent: Monday, January 07, 2008 3:05 PM
> To: Hannes Tschofenig
> Cc: radiusext@ops.ietf.org; hokey@ietf.org
> Subject: Re: [HOKEY] a transparent proposal
>=20
> On Mon, Jan 07, 2008 at 10:54:02AM +0200, Hannes Tschofenig wrote:
> > I don't think that this works since the Authenticator needs=20
> to route=20
> > the messages to a local proxy that later acts as the local=20
> ER server.=20
> > Hence, the Authenticator needs to perform special routing=20
> > functionality. In my recent mail to the list I was=20
> wondering whether=20
> > in Diameter one would have to define a new Diameter application for=20
> > EAP-ER to accomplish this routing since otherwise you might=20
> encounter other interesting effects.
>=20
> It does work, if the NAI that the peer supplies routes=20
> "naturally" to a local ER server. There is no reason the=20
> peer cannot accomplish this, as it certainly knows that it is=20
> attempting reauth. Any NAI that ends in .reauth or @reauth=20
> would be guaranteed to be workable, but we might consider=20
> whether something like ReAuTh%<iKeyname>%<seq>%<hash>%<originalNAI>
> might be better, as a reauth-supporting AAA proxy on the=20
> route could recognize it, while if there is no support for=20
> reauth in the new domain the request should end up at the=20
> original home AAA server.
>=20
> I'm a little vague on how the current HOKEY drafts are=20
> supposed to work in scenarios such as:
> - new authenticator does not support reauth
> - new authenticator supports reauth but the ER server=20
> failed to get the
> necessary info for this peer
>=20
> Any HOKEY scheme clearly has to be workable during what's=20
> likely to be an extended transition, in the sense that an=20
> upgraded peer should not cause an appreciably worse user=20
> experience than an old peer, when dealing with a non-upgraded=20
> domain, and vice-versa. Or am I confused as to the intended=20
> deployment plans?
>=20
> Regards,
> Barney
>=20
> > Barney Wolff wrote:
> >> I've been reading the HOKEY drafts, and am somewhat taken aback by=20
> >> the extent of the required changes. I know it's late in=20
> the process,=20
> >> but I wonder if the HOKEY group has considered and=20
> rejected an idea=20
> >> like the following. If so, why? If not, and there is some=20
> >> expression of support, I could write it up as a draft.
> >>=20
> >> Make HOKEY transparent to the authenticator - peer and=20
> server have to=20
> >> know, but the authenticator does not.
> >>=20
> >> As part of the initial EAP conversation, peer & server agree that=20
> >> HOKEY may be done. The MSK that the server sends to the=20
> >> authenticator is not the real MSK, but a=20
> >> domain-authenticator-specific key derived from it that the=20
> peer can also derive.
> >>=20
> >> When the peer connects to another authenticator, the identity it=20
> >> supplies is a reauth-NAI given to it by the original server rather=20
> >> than the id it supplied at initial auth. Based on the id, the new=20
> >> authenticator naturally routes its access-requests to a reauth=20
> >> server, without needing any code updates. The reauth server goes=20
> >> through an abbreviated conversation with the peer, and=20
> upon success=20
> >> sends the newly-derived domain-authenticator-specific key to the=20
> >> authenticator. Class can be used to tie together all the pieces.
> >>=20
> >> Advantages:
> >>=20
> >> Authenticator is completely unchanged.
> >>=20
> >> AAA proxies are completely unchanged.
> >>=20
> >> Peer behavior remains that of an EAP responder, rather than being=20
> >> both requester (for reauth) and responder (for initial=20
> auth) in the=20
> >> current HOKEY drafts. The HOKEY drafts seem to do considerable=20
> >> philosophical violence to EAP in this regard.
> >>=20
> >> No new EAP codes. HOKEY can be done as a new EAP method.
> >>=20
> >> Disadvantages:
> >>=20
> >> There is an extra round-trip, but it is to a (presumably local)=20
> >> reauth server. Even that could be avoided if the=20
> authenticator were=20
> >> to be upgraded to recognize a reauth-identity and generate a=20
> >> reauth-eap request itself. But I suspect that's not=20
> really necessary.
> >>=20
> >> =20
>=20
> --=20
> Barney Wolff I never met a computer I didn't like.
>=20
>=20
> _______________________________________________
> HOKEY mailing list
> HOKEY@ietf.org
> https://www1.ietf.org/mailman/listinfo/hokey
>=20
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Mon, 07 Jan 2008 23:06:09 +0000
Date: Mon, 7 Jan 2008 18:05:16 -0500
From: Barney Wolff <barney@databus.com>
To: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
Cc: hokey@ietf.org, radiusext@ops.ietf.org
Subject: Re: [HOKEY] a transparent proposal
Message-ID: <20080107230516.GA89703@pit.databus.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.17 (2007-11-01)
On Mon, Jan 07, 2008 at 10:54:02AM +0200, Hannes Tschofenig wrote:
> I don't think that this works since the Authenticator needs to route the
> messages to a local proxy that later acts as the local ER server. Hence,
> the Authenticator needs to perform special routing functionality. In my
> recent mail to the list I was wondering whether in Diameter one would have
> to define a new Diameter application for EAP-ER to accomplish this routing
> since otherwise you might encounter other interesting effects.
It does work, if the NAI that the peer supplies routes "naturally" to a
local ER server. There is no reason the peer cannot accomplish this, as
it certainly knows that it is attempting reauth. Any NAI that ends in
.reauth or @reauth would be guaranteed to be workable, but we might
consider whether something like ReAuTh%<iKeyname>%<seq>%<hash>%<originalNAI>
might be better, as a reauth-supporting AAA proxy on the route could
recognize it, while if there is no support for reauth in the new domain
the request should end up at the original home AAA server.
I'm a little vague on how the current HOKEY drafts are supposed to work
in scenarios such as:
- new authenticator does not support reauth
- new authenticator supports reauth but the ER server failed to get the
necessary info for this peer
Any HOKEY scheme clearly has to be workable during what's likely to be an
extended transition, in the sense that an upgraded peer should not cause
an appreciably worse user experience than an old peer, when dealing with
a non-upgraded domain, and vice-versa. Or am I confused as to the intended
deployment plans?
Regards,
Barney
> Barney Wolff wrote:
>> I've been reading the HOKEY drafts, and am somewhat taken aback by
>> the extent of the required changes. I know it's late in the process,
>> but I wonder if the HOKEY group has considered and rejected an idea
>> like the following. If so, why? If not, and there is some expression
>> of support, I could write it up as a draft.
>>
>> Make HOKEY transparent to the authenticator - peer and server have to know,
>> but the authenticator does not.
>>
>> As part of the initial EAP conversation, peer & server agree that HOKEY may
>> be done. The MSK that the server sends to the authenticator is not the
>> real MSK, but a domain-authenticator-specific key derived from it that
>> the peer can also derive.
>>
>> When the peer connects to another authenticator, the identity it
>> supplies is a reauth-NAI given to it by the original server rather
>> than the id it supplied at initial auth. Based on the id, the new
>> authenticator naturally routes its access-requests to a reauth
>> server, without needing any code updates. The reauth server goes
>> through an abbreviated conversation with the peer, and upon success
>> sends the newly-derived domain-authenticator-specific key to the
>> authenticator. Class can be used to tie together all the pieces.
>>
>> Advantages:
>>
>> Authenticator is completely unchanged.
>>
>> AAA proxies are completely unchanged.
>>
>> Peer behavior remains that of an EAP responder, rather than being both
>> requester (for reauth) and responder (for initial auth) in the current
>> HOKEY drafts. The HOKEY drafts seem to do considerable philosophical
>> violence to EAP in this regard.
>>
>> No new EAP codes. HOKEY can be done as a new EAP method.
>>
>> Disadvantages:
>>
>> There is an extra round-trip, but it is to a (presumably local) reauth
>> server. Even that could be avoided if the authenticator were to be
>> upgraded to recognize a reauth-identity and generate a reauth-eap
>> request itself. But I suspect that's not really necessary.
>>
>>
--
Barney Wolff I never met a computer I didn't like.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Mon, 07 Jan 2008 19:01:05 +0000
From: "Glen Zorn" <glenzorn@comcast.net>
To: "'Barney Wolff'" <barney@databus.com>
Cc: <hokey@ietf.org>, <radiusext@ops.ietf.org>
Subject: RE: [HOKEY] a transparent proposal
Date: Mon, 7 Jan 2008 10:59:56 -0800
Message-ID: <008001c8515f$7fd11150$7f7333f0$@net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Thread-Index: AchQvQ70pYE6vRQFQlKy/mU1hEdJZAAoSy/w
Content-Language: en-us
I've been reading the HOKEY drafts, and am somewhat taken aback by
the extent of the required changes. I know it's late in the process,
but I wonder if the HOKEY group has considered and rejected an idea
like the following. If so, why? If not, and there is some expression
of support, I could write it up as a draft.
[gwz]
I think that this is a splendid idea, w/just one (major) problem: our
charter says that hokey must require
"No changes to EAP methods. Any extensions defined to EAP must not cause
changes to existing EAP methods." In addition, hokey must not rely upon the
use of any particular (initial) EAP method, which is what it sounds like you
are suggesting. If we could figure out how to pass back the reuth ID in
another way (maybe a Notification-Request injected into the initial EAP
conversation by the local hokey server?), I think this would be great.
[/gwz]
Make HOKEY transparent to the authenticator - peer and server have to know,
but the authenticator does not.
As part of the initial EAP conversation, peer & server agree that HOKEY may
be done. The MSK that the server sends to the authenticator is not the
real MSK, but a domain-authenticator-specific key derived from it that
the peer can also derive.
When the peer connects to another authenticator, the identity it
supplies is a reauth-NAI given to it by the original server rather
than the id it supplied at initial auth. Based on the id, the new
authenticator naturally routes its access-requests to a reauth
server, without needing any code updates. The reauth server goes
through an abbreviated conversation with the peer, and upon success
sends the newly-derived domain-authenticator-specific key to the
authenticator. Class can be used to tie together all the pieces.
Advantages:
Authenticator is completely unchanged.
AAA proxies are completely unchanged.
Peer behavior remains that of an EAP responder, rather than being both
requester (for reauth) and responder (for initial auth) in the current
HOKEY drafts. The HOKEY drafts seem to do considerable philosophical
violence to EAP in this regard.
No new EAP codes. HOKEY can be done as a new EAP method.
Disadvantages:
There is an extra round-trip, but it is to a (presumably local) reauth
server. Even that could be avoided if the authenticator were to be
upgraded to recognize a reauth-identity and generate a reauth-eap
request itself. But I suspect that's not really necessary.
--
Barney Wolff I never met a computer I didn't like.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Mon, 07 Jan 2008 18:57:40 +0000
DomainKey-Signature: s=qcdkim; d=qualcomm.com; c=nofws; q=dns; h=X-IronPort-AV:Received:Received:Received:Received: X-MimeOLE:Content-class:MIME-Version:Content-Type: Content-Transfer-Encoding:Subject:Date:Message-ID: In-Reply-To:X-MS-Has-Attach:X-MS-TNEF-Correlator: Thread-Topic:Thread-Index:References:From:To:Cc: X-OriginalArrivalTime; b=GFkrzRceinJOeM5AMCkH5L01YcEVxGAZMcca4eC4lohiIDPPwrC7WVpQ PvwpaaLjA7pFkLrejNif1KC6fCIUJ8U55HWb/ZP1625jfB1BAyXCjclNX T5iRaYlz9qDsaUkz/fmnr+AZyPJHeHcG4+fc4CPJkpdNutMJNnl1om6wr Q=;
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Subject: AAA Routing in ERX (was RE: [HOKEY] a transparent proposal)
Date: Mon, 7 Jan 2008 10:53:06 -0800
Message-ID: <C24CB51D5AA800449982D9BCB9032513C22869@NAEX13.na.qualcomm.com>
Thread-Topic: AAA Routing in ERX (was RE: [HOKEY] a transparent proposal)
Thread-Index: AchRRh1pz5hF/7MgRhOGQUjRBX2TLwAFrGwg
From: "Narayanan, Vidya" <vidyan@qualcomm.com>
To: "Bernard Aboba" <bernard_aboba@hotmail.com>, "Hannes Tschofenig" <hannes.tschofenig@gmx.net>, <barney@databus.com>
Cc: <hokey@ietf.org>, <radiusext@ops.ietf.org>
Hi Bernard,
AAA routing in ERX is still done based on the realm. It is up to the
local domain how the key state replication is handled. If there are
multiple local ER servers in the same domain for redundancy sake, key
state may be replicated across those servers. While ERX provides no
provisions for such AAA replication, this is not restricted by ERX.=20
So, there are no changes to AAA routing between regular EAP and ERX. In
fact, this was one of the debated points earlier on in the design when
the choice was made to keep the AAA routing the same to minimize impact
to AAA entities.=20
Thanks,
Vidya
> -----Original Message-----
> From: owner-radiusext@ops.ietf.org=20
> [mailto:owner-radiusext@ops.ietf.org] On Behalf Of Bernard Aboba
> Sent: Monday, January 07, 2008 7:56 AM
> To: Hannes Tschofenig; barney@databus.com
> Cc: hokey@ietf.org; radiusext@ops.ietf.org
> Subject: RE: [HOKEY] a transparent proposal
>=20
> To avoid changes to existing RADIUS routing procedures, the=20
> messages would need to be routed to based on the realm in the NAI. =20
>=20
> However, the routing requirements for the ERX application are=20
> different from those in normal AAA exchanges, because here=20
> key state (unlike the AAA credentials database) is not=20
> replicated. That means that messages can't just be routed=20
> based on a "Domain Identifier" -- they actually have to be=20
> addressed to specific servers, since only those servers will=20
> hold the required key state.=20
>=20
> For example, a "session resume NAI" could identify the=20
> specific EAP Session-Id that is being resumed, as well as the=20
> realm in which that key resides. However, an NAI including=20
> only the realm will not necessarily be routed to the server=20
> or proxy that holds the key state, because AAA deployments=20
> often point the authenticators at different AAA servers or=20
> proxies for load balancing purposes. To ensure that the=20
> request goes to the right place, the specific server name=20
> needs to be provided within the NAI. =20
>=20
> This may not be that easy to produce. Not all EAP methods=20
> produce the Server-Id, so the peer may not be able to include=20
> the specific server name in a "session resume NAI" sent to=20
> the home AAA server. For the peer to compose a "session=20
> resume NAI" for the local realm, it would have to learn the=20
> local server name, not just a "Domain Identifier". =20
>=20
>=20
> > Date: Mon, 7 Jan 2008 10:54:02 +0200
> > From: Hannes.Tschofenig@gmx.net
> > To: barney@databus.com
> > CC: hokey@ietf.org; radiusext@ops.ietf.org
> > Subject: Re: [HOKEY] a transparent proposal
> >=20
> > I don't think that this works since the Authenticator needs=20
> to route=20
> > the messages to a local proxy that later acts as the local=20
> ER server.=20
> > Hence, the Authenticator needs to perform special routing=20
> > functionality. In my recent mail to the list I was=20
> wondering whether=20
> > in Diameter one would have to define a new Diameter application for=20
> > EAP-ER to accomplish this routing since otherwise you might=20
> encounter other interesting effects.
> >=20
> > Ciao
> > Hannes
> >=20
> >=20
> >=20
> >=20
> >=20
> > Barney Wolff wrote:
> > > I've been reading the HOKEY drafts, and am somewhat taken=20
> aback by=20
> > > the extent of the required changes. I know it's late in=20
> the process,=20
> > > but I wonder if the HOKEY group has considered and=20
> rejected an idea=20
> > > like the following. If so, why? If not, and there is some=20
> expression=20
> > > of support, I could write it up as a draft.
> > >
> > > Make HOKEY transparent to the authenticator - peer and=20
> server have=20
> > > to know, but the authenticator does not.
> > >
> > > As part of the initial EAP conversation, peer & server agree that=20
> > > HOKEY may be done. The MSK that the server sends to the=20
> > > authenticator is not the real MSK, but a=20
> > > domain-authenticator-specific key derived from it that=20
> the peer can also derive.
> > >
> > > When the peer connects to another authenticator, the identity it=20
> > > supplies is a reauth-NAI given to it by the original=20
> server rather=20
> > > than the id it supplied at initial auth. Based on the id, the new=20
> > > authenticator naturally routes its access-requests to a reauth=20
> > > server, without needing any code updates. The reauth server goes=20
> > > through an abbreviated conversation with the peer, and=20
> upon success=20
> > > sends the newly-derived domain-authenticator-specific key to the=20
> > > authenticator. Class can be used to tie together all the pieces.
> > >
> > > Advantages:
> > >
> > > Authenticator is completely unchanged.
> > >
> > > AAA proxies are completely unchanged.
> > >
> > > Peer behavior remains that of an EAP responder, rather than being=20
> > > both requester (for reauth) and responder (for initial=20
> auth) in the=20
> > > current HOKEY drafts. The HOKEY drafts seem to do considerable=20
> > > philosophical violence to EAP in this regard.
> > >
> > > No new EAP codes. HOKEY can be done as a new EAP method.
> > >
> > > Disadvantages:
> > >
> > > There is an extra round-trip, but it is to a (presumably local)=20
> > > reauth server. Even that could be avoided if the=20
> authenticator were=20
> > > to be upgraded to recognize a reauth-identity and generate a=20
> > > reauth-eap request itself. But I suspect that's not=20
> really necessary.
> > >
> > >=20
> >=20
> >=20
> > --
> > to unsubscribe send a message to=20
> radiusext-request@ops.ietf.org with=20
> > the word 'unsubscribe' in a single line as the message text body.
> > archive: <http://psg.com/lists/radiusext/>
>=20
>=20
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Mon, 07 Jan 2008 18:51:43 +0000
From: "Glen Zorn" <glenzorn@comcast.net>
To: "'Bernard Aboba'" <bernard_aboba@hotmail.com>, "'Hannes Tschofenig'" <hannes.tschofenig@gmx.net>, <barney@databus.com>
Cc: <hokey@ietf.org>, <radiusext@ops.ietf.org>
Subject: RE: [HOKEY] a transparent proposal
Date: Mon, 7 Jan 2008 10:50:39 -0800
Message-ID: <007501c8515e$333c1390$99b43ab0$@net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0076_01C8511B.2518D390"
Thread-Index: AchRRn77XX9NdLvrSnqpprQryHHUQQAEXGBw
Content-Language: en-us
This is a multipart message in MIME format.
------=_NextPart_000_0076_01C8511B.2518D390
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
To avoid changes to existing RADIUS routing procedures, the messages would
need to be routed to based on the realm in the NAI.
[gwz] Yes. [/gwz]
However, the routing requirements for the ERX application are different from
those in normal AAA exchanges, because here key state (unlike the AAA
credentials database) is not replicated.
[gwz]
I'm not sure where you get that idea; replication has not been called out
as a specific hokey requirement but I don't recall anyone saying that it
can't exist.
[/gwz]
That means that messages can't just be routed based on a "Domain Identifier"
-- they actually have to be addressed to specific servers, since only those
servers will hold the required key state.
For example, a "session resume NAI" could identify the specific EAP
Session-Id that is being resumed, as well as the realm in which that key
resides. However, an NAI including only the realm will not necessarily be
routed to the server or proxy that holds the key state, because AAA
deployments often point the authenticators at different AAA servers or
proxies for load balancing purposes. To ensure that the request goes to
the right place, the specific server name needs to be provided within the
NAI.
[gwz]
Although it would be best if the sets of hokey and AAA servers in a given
domain were to intersect, it is not mandatory; in particvlar, the sets
need not be not be equal. This suggests that AAA routing is essentially
irrelevant to hokey: it is the AAA routing method we're talking abour using,
not necessarily the AAA routes or infrastructure. Even assuming that the
sets are equal, I'm not sure why the reauth state wouldn't be replicated the
with the rest of session state that is held by virtually all AAA (even
RADIUS) servers.
[/gwz]
This may not be that easy to produce. Not all EAP methods produce the
Server-Id, so the peer may not be able to include the specific server name
in a "session resume NAI" sent to the home AAA server. For the peer to
compose a "session resume NAI" for the local realm, it would have to learn
the local server name, not just a "Domain Identifier".
[gwz]
OK, I also don't know why the peer would be composing this NAI; I thought
that the idea was that the reauth identity would be passed back to the peer
from the local reauth server as part of the original EAP conversation (maybe
in a Notification-Request, since we can't make hokey depend upon a "special"
initial EAP method).
[/gwz]
.
------=_NextPart_000_0076_01C8511B.2518D390
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns=3D"http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3DEN-US link=3Dblue vlink=3Dpurple>
<div class=3DSection1>
<p class=3DMsoNormal><span =
style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif"'>To
avoid changes to existing RADIUS routing procedures, the messages would =
need to
be routed to based on the realm in the NAI. <br>
</span><b><i><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>[gwz] Yes. [/gwz]</span></i></b><span =
style=3D'font-size:10.0pt;
font-family:"Tahoma","sans-serif"'><br>
However, the routing requirements for the ERX application are different =
from
those in normal AAA exchanges, because here key state (unlike the AAA
credentials database) is not replicated. <span =
style=3D'color:#1F497D'><o:p></o:p></span></span></p>
<p class=3DMsoNormal><b><i><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>[gwz]<o:p></o:p></span></i></b></p>
<p class=3DMsoNormal><b><i><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'> I'm not sure where you get that idea; replication =
has not
been called out as a specific hokey requirement but I don't recall =
anyone
saying that it can't exist.<o:p></o:p></span></i></b></p>
<p class=3DMsoNormal><b><i><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>[/gwz]<o:p></o:p></span></i></b></p>
<p class=3DMsoNormal><span =
style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif"'>That
means that messages can't just be routed based on a "Domain
Identifier" -- they actually have to be addressed to specific =
servers,
since only those servers will hold the required key state. <br>
<br>
For example, a "session resume NAI" could identify the =
specific EAP
Session-Id that is being resumed, as well as the realm in which that key
resides. However, an NAI including only the realm will not =
necessarily be
routed to the server or proxy that holds the key state, because AAA =
deployments
often point the authenticators at different AAA servers or proxies for =
load
balancing purposes. To ensure that the request goes to the =
right
place, the specific server name needs to be provided within the =
NAI. <span
style=3D'color:#1F497D'><o:p></o:p></span></span></p>
<p class=3DMsoNormal><b><i><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>[gwz] <o:p></o:p></span></i></b></p>
<p class=3DMsoNormal><b><i><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Although it would be best if the sets of hokey and AAA =
servers
in a given domain were to intersect, it is not mandatory; in =
particvlar, the
sets need not be not be equal. This suggests that AAA =
routing
is essentially irrelevant to hokey: it is the AAA routing =
</span></i></b><b><span
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497=
D'>method
<i>we're talking abour using, not necessarily the AAA routes or =
infrastructure.
Even assuming that the sets are equal, I'm not sure why the reauth state
wouldn't be replicated the with the rest of session state that is =
held by
virtually all AAA (even RADIUS) servers.<o:p></o:p></i></span></b></p>
<p class=3DMsoNormal><b><i><span =
style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif";
color:#1F497D'>[/gwz] </span></i></b><span =
style=3D'font-size:10.0pt;font-family:
"Tahoma","sans-serif"'><br>
<br>
This may not be that easy to produce. Not all EAP methods produce =
the
Server-Id, so the peer may not be able to include the specific server =
name in a
"session resume NAI" sent to the home AAA server. For =
the peer
to compose a "session resume NAI" for the local realm, it =
would have
to learn the local server name, not just a "Domain =
Identifier".
<span style=3D'color:#1F497D'><o:p></o:p></span></span></p>
<p class=3DMsoNormal><b><i><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>[gwz]<o:p></o:p></span></i></b></p>
<p class=3DMsoNormal><b><i><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'> OK, I also don't know why the peer would be =
composing this
NAI; I thought that the idea was that the reauth identity would be =
passed back
to the peer from the local reauth server as part of the original EAP
conversation (maybe in a Notification-Request, since we can't make hokey =
depend
upon a "special" initial EAP =
method).<o:p></o:p></span></i></b></p>
<p class=3DMsoNormal><b><i><span =
style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif";
color:#1F497D'>[/gwz]</span></i></b><span =
style=3D'font-size:10.0pt;font-family:
"Tahoma","sans-serif"'><br>
<br>
<br>
<span style=3D'color:#1F497D'>…</span><o:p></o:p></span></p>
</div>
</body>
</html>
------=_NextPart_000_0076_01C8511B.2518D390--
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Mon, 07 Jan 2008 15:57:10 +0000
Message-ID: <BAY117-W291C9A12DCFF6CB96EB49E934F0@phx.gbl>
Content-Type: multipart/alternative; boundary="_534e0f42-8ceb-4f7d-b8fc-59108b4dfbac_"
From: Bernard Aboba <bernard_aboba@hotmail.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, <barney@databus.com>
CC: <hokey@ietf.org>, <radiusext@ops.ietf.org>
Subject: RE: [HOKEY] a transparent proposal
Date: Mon, 7 Jan 2008 07:55:51 -0800
MIME-Version: 1.0
--_534e0f42-8ceb-4f7d-b8fc-59108b4dfbac_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
To avoid changes to existing RADIUS routing procedures, the messages would =
need to be routed to based on the realm in the NAI. =20
However, the routing requirements for the ERX application are different fro=
m those in normal AAA exchanges, because here key state (unlike the AAA cre=
dentials database) is not replicated. That means that messages can't just=
be routed based on a "Domain Identifier" -- they actually have to be addre=
ssed to specific servers, since only those servers will hold the required k=
ey state.=20
For example, a "session resume NAI" could identify the specific EAP Session=
-Id that is being resumed, as well as the realm in which that key resides. =
However, an NAI including only the realm will not necessarily be routed to=
the server or proxy that holds the key state, because AAA deployments ofte=
n point the authenticators at different AAA servers or proxies for load bal=
ancing purposes. To ensure that the request goes to the right place, the =
specific server name needs to be provided within the NAI. =20
This may not be that easy to produce. Not all EAP methods produce the Serv=
er-Id, so the peer may not be able to include the specific server name in a=
"session resume NAI" sent to the home AAA server. For the peer to compose=
a "session resume NAI" for the local realm, it would have to learn the loc=
al server name, not just a "Domain Identifier". =20
> Date: Mon, 7 Jan 2008 10:54:02 +0200
> From: Hannes.Tschofenig@gmx.net
> To: barney@databus.com
> CC: hokey@ietf.org; radiusext@ops.ietf.org
> Subject: Re: [HOKEY] a transparent proposal
>=20
> I don't think that this works since the Authenticator needs to route the=
=20
> messages to a local proxy that later acts as the local ER server. Hence,=
=20
> the Authenticator needs to perform special routing functionality. In my=20
> recent mail to the list I was wondering whether in Diameter one would=20
> have to define a new Diameter application for EAP-ER to accomplish this=20
> routing since otherwise you might encounter other interesting effects.
>=20
> Ciao
> Hannes
>=20
>=20
>=20
>=20
>=20
> Barney Wolff wrote:
> > I've been reading the HOKEY drafts, and am somewhat taken aback by
> > the extent of the required changes. I know it's late in the process,
> > but I wonder if the HOKEY group has considered and rejected an idea
> > like the following. If so, why? If not, and there is some expression
> > of support, I could write it up as a draft.
> >
> > Make HOKEY transparent to the authenticator - peer and server have to k=
now,
> > but the authenticator does not.
> >
> > As part of the initial EAP conversation, peer & server agree that HOKEY=
may
> > be done. The MSK that the server sends to the authenticator is not the
> > real MSK, but a domain-authenticator-specific key derived from it that
> > the peer can also derive.
> >
> > When the peer connects to another authenticator, the identity it
> > supplies is a reauth-NAI given to it by the original server rather
> > than the id it supplied at initial auth. Based on the id, the new
> > authenticator naturally routes its access-requests to a reauth
> > server, without needing any code updates. The reauth server goes
> > through an abbreviated conversation with the peer, and upon success
> > sends the newly-derived domain-authenticator-specific key to the
> > authenticator. Class can be used to tie together all the pieces.
> >
> > Advantages:
> >
> > Authenticator is completely unchanged.
> >
> > AAA proxies are completely unchanged.
> >
> > Peer behavior remains that of an EAP responder, rather than being both
> > requester (for reauth) and responder (for initial auth) in the current
> > HOKEY drafts. The HOKEY drafts seem to do considerable philosophical
> > violence to EAP in this regard.
> >
> > No new EAP codes. HOKEY can be done as a new EAP method.
> >
> > Disadvantages:
> >
> > There is an extra round-trip, but it is to a (presumably local) reauth
> > server. Even that could be avoided if the authenticator were to be
> > upgraded to recognize a reauth-identity and generate a reauth-eap
> > request itself. But I suspect that's not really necessary.
> >
> > =20
>=20
>=20
> --
> to unsubscribe send a message to radiusext-request@ops.ietf.org with
> the word 'unsubscribe' in a single line as the message text body.
> archive: <http://psg.com/lists/radiusext/>
--_534e0f42-8ceb-4f7d-b8fc-59108b4dfbac_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<style>
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
FONT-SIZE: 10pt;
FONT-FAMILY:Tahoma
}
</style>
</head>
<body class=3D'hmmessage'>
To avoid changes to existing RADIUS routing procedures, the messages would =
need to be routed to based on the realm in the NAI. <br><br>However, =
the routing requirements for the ERX application are different from those i=
n normal AAA exchanges, because here key state (unlike the AAA credentials =
database) is not replicated. That means that messages can't jus=
t be routed based on a "Domain Identifier" -- they actually have to be addr=
essed to specific servers, since only those servers will hold the required =
key state. <br><br>For example, a "session resume NAI" could identify the s=
pecific EAP Session-Id that is being resumed, as well as the realm in which=
that key resides. However, an NAI including only the realm will not =
necessarily be routed to the server or proxy that holds the key state, beca=
use AAA deployments often point the authenticators at different AAA servers=
or proxies for load balancing purposes. To ensure that the req=
uest goes to the right place, the specific server name needs to be provided=
within the NAI. <br><br>This may not be that easy to produce. =
Not all EAP methods produce the Server-Id, so the peer may not be able to i=
nclude the specific server name in a "session resume NAI" sent to the home =
AAA server. For the peer to compose a "session resume NAI" for the lo=
cal realm, it would have to learn the local server name, not just a "Domain=
Identifier". <br><br><br>> Date: Mon, 7 Jan 2008 10:54:02 +0200<b=
r>> From: Hannes.Tschofenig@gmx.net<br>> To: barney@databus.com<br>&g=
t; CC: hokey@ietf.org; radiusext@ops.ietf.org<br>> Subject: Re: [HOKEY] =
a transparent proposal<br>> <br>> I don't think that this works since=
the Authenticator needs to route the <br>> messages to a local proxy th=
at later acts as the local ER server. Hence, <br>> the Authenticator nee=
ds to perform special routing functionality. In my <br>> recent mail to =
the list I was wondering whether in Diameter one would <br>> have to def=
ine a new Diameter application for EAP-ER to accomplish this <br>> routi=
ng since otherwise you might encounter other interesting effects.<br>> <=
br>> Ciao<br>> Hannes<br>> <br>> <br>> <br>> <br>> <br=
>> Barney Wolff wrote:<br>> > I've been reading the HOKEY drafts, =
and am somewhat taken aback by<br>> > the extent of the required chan=
ges. I know it's late in the process,<br>> > but I wonder if the HOK=
EY group has considered and rejected an idea<br>> > like the followin=
g. If so, why? If not, and there is some expression<br>> > of suppo=
rt, I could write it up as a draft.<br>> ><br>> > Make HOKEY tr=
ansparent to the authenticator - peer and server have to know,<br>> >=
but the authenticator does not.<br>> ><br>> > As part of the i=
nitial EAP conversation, peer & server agree that HOKEY may<br>> >=
; be done. The MSK that the server sends to the authenticator is not the<b=
r>> > real MSK, but a domain-authenticator-specific key derived from =
it that<br>> > the peer can also derive.<br>> ><br>> > Wh=
en the peer connects to another authenticator, the identity it<br>> >=
supplies is a reauth-NAI given to it by the original server rather<br>>=
> than the id it supplied at initial auth. Based on the id, the new<br=
>> > authenticator naturally routes its access-requests to a reauth<b=
r>> > server, without needing any code updates. The reauth server go=
es<br>> > through an abbreviated conversation with the peer, and upon=
success<br>> > sends the newly-derived domain-authenticator-specific=
key to the<br>> > authenticator. Class can be used to tie together =
all the pieces.<br>> ><br>> > Advantages:<br>> ><br>> =
> Authenticator is completely unchanged.<br>> ><br>> > AAA p=
roxies are completely unchanged.<br>> ><br>> > Peer behavior re=
mains that of an EAP responder, rather than being both<br>> > request=
er (for reauth) and responder (for initial auth) in the current<br>> >=
; HOKEY drafts. The HOKEY drafts seem to do considerable philosophical<br>=
> > violence to EAP in this regard.<br>> ><br>> > No new =
EAP codes. HOKEY can be done as a new EAP method.<br>> ><br>> >=
; Disadvantages:<br>> ><br>> > There is an extra round-trip, bu=
t it is to a (presumably local) reauth<br>> > server. Even that coul=
d be avoided if the authenticator were to be<br>> > upgraded to recog=
nize a reauth-identity and generate a reauth-eap<br>> > request itsel=
f. But I suspect that's not really necessary.<br>> ><br>> > =
<br>> <br>> <br>> --<br>> to unsubscribe send a message to radi=
usext-request@ops.ietf.org with<br>> the word 'unsubscribe' in a single =
line as the message text body.<br>> archive: <http://psg.com/lists/ra=
diusext/><br></body>
</html>=
--_534e0f42-8ceb-4f7d-b8fc-59108b4dfbac_--
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Mon, 07 Jan 2008 12:30:30 +0000
Message-ID: <47821ACC.4070705@deployingradius.com>
Date: Mon, 07 Jan 2008 13:27:56 +0100
From: Alan DeKok <aland@deployingradius.com>
User-Agent: Thunderbird 2.0.0.6 (X11/20071022)
MIME-Version: 1.0
To: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
CC: barney@databus.com, hokey@ietf.org, radiusext@ops.ietf.org
Subject: Re: [HOKEY] a transparent proposal
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Hannes Tschofenig wrote:
> I don't think that this works since the Authenticator needs to route the
> messages to a local proxy that later acts as the local ER server.
This scenario already includes roaming users, so the local AAA
server(s) already do realm routing. Adding one more for a local ER
server shouldn't be major change.
> Hence,
> the Authenticator needs to perform special routing functionality.
I don't believe so. The local *AAA* server needs to perform special
routing. But as noted above, it already does this.
Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Mon, 07 Jan 2008 08:54:39 +0000
Message-ID: <4781E8AA.4040200@gmx.net>
Date: Mon, 07 Jan 2008 10:54:02 +0200
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: barney@databus.com
CC: hokey@ietf.org, radiusext@ops.ietf.org
Subject: Re: [HOKEY] a transparent proposal
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
I don't think that this works since the Authenticator needs to route the
messages to a local proxy that later acts as the local ER server. Hence,
the Authenticator needs to perform special routing functionality. In my
recent mail to the list I was wondering whether in Diameter one would
have to define a new Diameter application for EAP-ER to accomplish this
routing since otherwise you might encounter other interesting effects.
Ciao
Hannes
Barney Wolff wrote:
> I've been reading the HOKEY drafts, and am somewhat taken aback by
> the extent of the required changes. I know it's late in the process,
> but I wonder if the HOKEY group has considered and rejected an idea
> like the following. If so, why? If not, and there is some expression
> of support, I could write it up as a draft.
>
> Make HOKEY transparent to the authenticator - peer and server have to know,
> but the authenticator does not.
>
> As part of the initial EAP conversation, peer & server agree that HOKEY may
> be done. The MSK that the server sends to the authenticator is not the
> real MSK, but a domain-authenticator-specific key derived from it that
> the peer can also derive.
>
> When the peer connects to another authenticator, the identity it
> supplies is a reauth-NAI given to it by the original server rather
> than the id it supplied at initial auth. Based on the id, the new
> authenticator naturally routes its access-requests to a reauth
> server, without needing any code updates. The reauth server goes
> through an abbreviated conversation with the peer, and upon success
> sends the newly-derived domain-authenticator-specific key to the
> authenticator. Class can be used to tie together all the pieces.
>
> Advantages:
>
> Authenticator is completely unchanged.
>
> AAA proxies are completely unchanged.
>
> Peer behavior remains that of an EAP responder, rather than being both
> requester (for reauth) and responder (for initial auth) in the current
> HOKEY drafts. The HOKEY drafts seem to do considerable philosophical
> violence to EAP in this regard.
>
> No new EAP codes. HOKEY can be done as a new EAP method.
>
> Disadvantages:
>
> There is an extra round-trip, but it is to a (presumably local) reauth
> server. Even that could be avoided if the authenticator were to be
> upgraded to recognize a reauth-identity and generate a reauth-eap
> request itself. But I suspect that's not really necessary.
>
>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Mon, 07 Jan 2008 08:44:15 +0000
Message-ID: <4781E616.3030302@gmx.net>
Date: Mon, 07 Jan 2008 10:43:02 +0200
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: Bernard Aboba <bernard_aboba@hotmail.com>
CC: radiusext@ops.ietf.org, hokey@ietf.org
Subject: Re: AAA Routing with EAP-ER
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
Hi Bernhard,
Bernard Aboba wrote:
> I think this makes the assumption that every Diameter agent advertising=
> support for the ERX application understands ERX.
That's not really desirable.
> While Diameter auth=20
> servers do need to understand the application to advertise it, Diameter=
agents=20
> may only be able to forward the messages. =20
> =20
Correct.
> =20
> This could become an issue if there is an expectation that the "local s=
erver"
> will process a packet whose NAI realm is not the local realm. =20
Based on my understanding this seems to be the case with EAP-ER.
> Instead of
> processing the packet, the Diameter agent would forward the packet to
> the server corresponding to the NAI realm (e.g. the home server).=20
> =20
> The issue is that there is no equivalent of the "router alert" option f=
or
> AAA.=20
> =20
I know.
It seems that you are saying that a new Diameter application would be=20
necessary to accomplish the required functionality in a reasonable way.
Ciao
Hannes
> =20
> =20
>> Date: Fri, 4 Jan 2008 11:56:35 +0100> From: Hannes.Tschofenig@gmx.net>=
To: Bernard_Aboba@hotmail.com> CC: radiusext@ops.ietf.org; hokey@ietf.or=
g> Subject: AAA Routing with EAP-ER> > Working on> http://tools.ietf.org/=
wg/dime/draft-dondeti-dime-erp-diameter-01.txt> the question of defining =
AVPs vs. defining a new Diameter application > showed up.> > I wrote a se=
ction about this into that draft and I wonder whether my > assumptions ar=
e reasonable:> > 3. Assumptions> > This document defines additional optio=
nal AVPs for usage with the> Diameter EAP application. Routing of these m=
essages is therefore> provided via the Diameter Application Identifier (a=
mong other> elements), as specified by the Diameter Base protocol [4]. Ba=
sed on> the deployment of ERP, a local Diameter server (the same entity> =
serves as a Diameter proxy during the full EAP authentication) may> play =
the role of the ER server for future re-authentication attempts.> As such=
, the local Diameter server requesting the DSRK needs to be in> the path =
of the current EAP exchange between the peer and the EAP> server and also=
along the path in the future. The Diameter client is > furthermore assum=
ed to be able to route the re-authentication > messages to the ER server.=
> > > Depending on some of the answers to the questions raised in this > =
discussion it might be necessary to define a new Diameter application > r=
ather than just defining new AVPs.> > Ciao> Hannes> > > Bernard_Aboba@hot=
mail.com wrote:> >> When the peer, the local domain and the AAA-Home also=
> >> support ERP, a DSRK (DSRK1) may be requested by the local ER server =
A at> >> the time of the EAP exchange.> >> > Some questions:> >> > 1. Is =
the "Local ER server" always a RADIUS client? The ERX > > document seems =
to> > indicate that this might not always be the case.> >> > 2. How is th=
e request for the DSRK made by the "local ER server"? > > Is the> > reque=
st authenticated with user credentials? How does the RADIUS server> > det=
ermine if the Request is valid?> >> > 3. How does the RADIUS server know =
how to reach the "Local ER server"?> > The ERX document talks about a "Do=
main Identity". How does the RADIUS > > server> > use the "Domain Identit=
y" to determine what RADIUS client to send a > > packet to?> > Is there a=
n assumption that the "Local ER server" is one hop away from > > the> > h=
ome RADIUS server? What attributes need to be placed within an > > Access=
-Accept> > to ensure that the packet is routed to the "local server"?> >>=
> 4. In Figure 1, the ERX document shows the following flow:> >> > [<-- =
EAP-Request/ ------> > Identity]> > [<-- EAP Initiate/ ------> > Reauth-S=
tart]> >> > Is this a typo? The figure shows that the EAP-Request/Identit=
y isn't > > being responded> > to by the peer. If the peer implements RFC=
3748, won't it send an > > EAP-Response,> > which will be passed to the =
RADIUS server, which will then initiate > > EAP? Figure 1> > seems to sho=
w the EAP peer ignoring the EAP-Request, which> > implies that it needs t=
o wait for some period of time for another > > message, which> > might or=
might not arrive. How long should it wait?> >> > If the peer doesn't res=
pond to the EAP-Request/Identity, according to > > RFC 3748> > and RFC 41=
37, the NAS will retransmit. So we'll have two EAP > > conversations> > g=
oing on at once?> >> > 5. In Figure 2, the peer is initiating what would =
appear to be a > > standard> > RADIUS/EAP conversation via the EAP-Respon=
se/Identity. However, it> > would appear that the EAP Response/Identity i=
s being "augmented" by> > the local server. It's hard for me to tell from=
the figure whether the> > [DSRK Req, Domain Identity] is being inserted =
within the > > EAP-Response/Identity,> > or whether it represents separat=
e RADIUS attributes. Can you clarify?> >> > 6. If the "local 'server" isn=
't on the path between the NAS and the > > home server> > (as it might no=
t be, because of failover), what happens? Does each > > proxy> > also nee=
d to host a "local server" to make sure that doesn't occur?> > If the "lo=
cal server" is not on the path, then it seems like two > > distinct messa=
ges> > would be required. Is there an expectation that the RADIUS > > Acc=
ess-Accept> > will be multicast, or that two distinct RADIUS Access-Accep=
t packets will> > be sent?> >> >> >> >> >> >> > -- > > to unsubscribe sen=
d a message to radiusext-request@ops.ietf.org with> > the word 'unsubscri=
be' in a single line as the message text body.> > archive: <http://psg.co=
m/lists/radiusext/>>=20
>> =20
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Sun, 06 Jan 2008 23:33:21 +0000
Date: Sun, 6 Jan 2008 18:32:08 -0500
From: Barney Wolff <barney@databus.com>
To: hokey@ietf.org, radiusext@ops.ietf.org
Subject: [HOKEY] a transparent proposal
Message-ID: <20080106233208.GA81848@pit.databus.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.17 (2007-11-01)
I've been reading the HOKEY drafts, and am somewhat taken aback by
the extent of the required changes. I know it's late in the process,
but I wonder if the HOKEY group has considered and rejected an idea
like the following. If so, why? If not, and there is some expression
of support, I could write it up as a draft.
Make HOKEY transparent to the authenticator - peer and server have to know,
but the authenticator does not.
As part of the initial EAP conversation, peer & server agree that HOKEY may
be done. The MSK that the server sends to the authenticator is not the
real MSK, but a domain-authenticator-specific key derived from it that
the peer can also derive.
When the peer connects to another authenticator, the identity it
supplies is a reauth-NAI given to it by the original server rather
than the id it supplied at initial auth. Based on the id, the new
authenticator naturally routes its access-requests to a reauth
server, without needing any code updates. The reauth server goes
through an abbreviated conversation with the peer, and upon success
sends the newly-derived domain-authenticator-specific key to the
authenticator. Class can be used to tie together all the pieces.
Advantages:
Authenticator is completely unchanged.
AAA proxies are completely unchanged.
Peer behavior remains that of an EAP responder, rather than being both
requester (for reauth) and responder (for initial auth) in the current
HOKEY drafts. The HOKEY drafts seem to do considerable philosophical
violence to EAP in this regard.
No new EAP codes. HOKEY can be done as a new EAP method.
Disadvantages:
There is an extra round-trip, but it is to a (presumably local) reauth
server. Even that could be avoided if the authenticator were to be
upgraded to recognize a reauth-identity and generate a reauth-eap
request itself. But I suspect that's not really necessary.
--
Barney Wolff I never met a computer I didn't like.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Sun, 06 Jan 2008 07:10:19 +0000
Message-ID: <47807E53.1040607@deployingradius.com>
Date: Sun, 06 Jan 2008 08:08:03 +0100
From: Alan DeKok <aland@deployingradius.com>
User-Agent: Thunderbird 2.0.0.6 (X11/20071022)
MIME-Version: 1.0
To: Lakshminath Dondeti <ldondeti@qualcomm.com>
CC: Yoshihiro Ohba <yohba@tari.toshiba.com>, hokey@ietf.org, radext mailing list <radiusext@ops.ietf.org>
Subject: Re: [HOKEY] Review of draft-gaonkar-radext-erp-attrs-02.txt
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: 7bit
Lakshminath Dondeti wrote:
> Isn't there a solution on the table already with DTLS proposal?
No. RADIUS + DTLS is still hop by hop. There are no provisions in it
for end to end security.
Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Sun, 06 Jan 2008 06:27:22 +0000
Date: Sun, 6 Jan 2008 01:25:35 -0500
From: Yoshihiro Ohba <yohba@tari.toshiba.com>
To: Lakshminath Dondeti <ldondeti@qualcomm.com>
Cc: Dan Harkins <dharkins@lounge.org>, hokey@ietf.org, radext mailing list <radiusext@ops.ietf.org>
Subject: Re: [HOKEY] Review of draft-gaonkar-radext-erp-attrs-02.txt
Message-ID: <20080106062535.GG18731@steelhead.localdomain>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-2022-jp
Content-Disposition: inline
User-Agent: Mutt/1.5.17 (2007-11-01)
Do you mean DTLS-SRTP or something else? In the former case, I'm not
sure how it works with AAA proxies.
Yoshihiro Ohba
On Sat, Jan 05, 2008 at 06:33:12PM -0800, Lakshminath Dondeti wrote:
> Isn't there a solution on the table already with DTLS proposal?
>
> Lakshminath
>
> On 1/5/2008 3:31 PM, Yoshihiro Ohba wrote:
>> Why just not use inter-realm Kerberos to establish an end-to-end SA
>> between EAP server and DSR-KH, and then do DSRK distribution over the
>> established SA? Inter-realm Kerberos works with chain of trust and
>> should work with the case where AAA proxies are between EAP server and
>> DSR-KH. The past proposal about Kerberos over RADIUS indicated by
>> Bernard sounds like a good solution.
>>
>> Yoshihiro Ohba
>>
>> On Sat, Jan 05, 2008 at 11:22:41AM -0800, Lakshminath Dondeti wrote:
>>> The key however is that there was no real mechanism for end-to-end
>>> security that 4568 might recommend and now RAI is in another iteration
>>> for key management for SRTP.
>>>
>>> Lakshminath
>>>
>>> On 1/5/2008 11:13 AM, Yoshihiro Ohba wrote:
>>>> Lakshminath,
>>>>
>>>> Thank you for the pointer to RFC 4568.
>>>>
>>>> In my reading of RFC 4568, it recommends end-to-end security when the
>>>> communication path of the SDP message is routed through intermediate
>>>> systems like SIP proxies. IMO, end-to-end security (with Type 1
>>>> trust) should be the default model for any key distribution mechanism
>>>> even if hop-by-hop security is not totally prohibited for some use
>>>> cases. Yoshihiro Ohba
>>>>
>>>>
>>>>
>>>> On Fri, Jan 04, 2008 at 04:58:42PM -0800, Lakshminath Dondeti wrote:
>>>>> Hi Yoshi,
>>>>>
>>>>> You are on the right track by exploring the implications of hop-by-hop
>>>>> security. In the case we are talking about, it may result in billing
>>>>> inconsistencies. That we have agreed is ok in some cases and perhaps
>>>>> not ok in others. This is a reasonable conclusion as illustrated
>>>>> elsewhere: In case of SIP proxies, hop-by-hop security implies that
>>>>> proxies may be able to compromise end-to-end user data/media
>>>>> confidentiality. In this case, end-to-end security may be compromised
>>>>> and we have an assortment of techniques at the IETF to deal with the
>>>>> problem. The proxy model is allowed however. There are key
>>>>> distribution mechanisms (RFC 4568) which work with the proxy model in
>>>>> mind.
>>>>>
>>>>> best wishes for 2008,
>>>>> Lakshminath
>>>>>
>>>>> On 1/4/2008 4:27 PM, Yoshihiro Ohba wrote:
>>>>>> I can see two conflicting types of trust for hop-by-hop security to
>>>>>> work.
>>>>>>
>>>>>> Type 1 trust: Trusted entities can use any keys that they have access
>>>>>> to, regardless of how they are distributed.
>>>>>>
>>>>>> Type 2 trust: Trusted entities will not use keys distributed to others
>>>>>> even if they have access to the keys.
>>>>>>
>>>>>> In Type 1 trust, multiple trusted entities are actually sharing keys
>>>>>> for use, and thus key hierarchy is not needed. In Type 2 trust, key
>>>>>> hierarchy is still needed. Also, there is no
>>>>>> Type 2 trust in end-to-end security. To me, Type 2 trust is similar
>>>>>> to a real-world case where we need to trust how a check-in baggage
>>>>>> will be inspected and treated once it is checked in. Inspectors have
>>>>>> the right to access to the baggage contents for the purpose of airline
>>>>>> security, but airline customers (need to) trust them that they will
>>>>>> not use the contents.
>>>>>>
>>>>>> The issue seems to be which trust model (or something else) is
>>>>>> acceptable for us. In my personal opinion, Type 2 trust is not
>>>>>> desirable from security perspective, unless AAA proxies really need to
>>>>>> access to the keys to improve AAA secuirty.
>>>>>>
>>>>>> Yoshihiro Ohba
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Fri, Jan 04, 2008 at 11:37:43AM -0800, Dan Harkins wrote:
>>>>>>> Hi Lakshminath,
>>>>>>>
>>>>>>> On Fri, January 4, 2008 8:58 am, Lakshminath Dondeti wrote:
>>>>>>> [snip]
>>>>>>>> Hi Dan,
>>>>>>>>
>>>>>>>> I am trying to understand the direction of the discussion here:
>>>>>>>>
>>>>>>>> When there is end-to-end security, it appears that we have agreement
>>>>>>>> that a key hierarchy is necessary.
>>>>>>> No, that's not what I'm saying.
>>>>>>>
>>>>>>>> When there is hop-by-hop security, you are making the argument that the
>>>>>>>> DSRK hierarchy is not necessary and that we can use other techniques to
>>>>>>>> make things work. Isn't it simpler to have the same key hierarchy
>>>>>>>> irrespective of the protection policies in the AAA network? Besides,
>>>>>>>> the different DSRKs would allow the peer to help the home network verify
>>>>>>>> the accounting information, for instance.
>>>>>>> We have to deal with the system holistically and not dissect it into
>>>>>>> parts and quibble over "hop-by-hop" or "end-to-end" and whether they apply
>>>>>>> to one part or the other. The issue is what is the threat model for the
>>>>>>> holistic system?
>>>>>>>
>>>>>>> If proxies are permitted, and they are, then the problems they introduce
>>>>>>> have to be accepted. We have consensus to do that. It is my contention
>>>>>>> that the key hierarchy attempts to address those problems that we have
>>>>>>> already accepted into our system due to proxies so I feel the key
>>>>>>> hierarchy is an unnecessary complexity.
>>>>>>>
>>>>>>> Of course I may be all wrong. If someone could just tell me exactly
>>>>>>> what problem will completely go away by having this key hierarchy I would
>>>>>>> greatly appreciate it. Can you tell me?
>>>>>>>
>>>>>>>> We talked about the reasoning for the DSRK hierarchy for a long time and
>>>>>>>> achieved consensus. I understand that you are bringing up these
>>>>>>>> questions again with the hop-by-hop security model in mind.
>>>>>>> The goalposts have moved. The discussion about the key hierarchy was
>>>>>>> held back when we were still arguing over a 3 party protocol. That was
>>>>>>> when disclosure of keys to people who are not the intended recipient
>>>>>>> was a problem we were going to address. But I have come to the realization
>>>>>>> that the working group is not interested in a protocol that could not work
>>>>>>> in the presence of proxies and that the working group now feels that that
>>>>>>> problem is not something that needs addressing.
>>>>>>>
>>>>>>> I believe that the problems that proxies introduce are the same ones that
>>>>>>> arise when a key is shared between domains. The key hierarchy addresses the
>>>>>>> latter but not the former. Since WG consensus is that the former is not
>>>>>>> something that needs addressing I question why the latter needs addressing.
>>>>>>>
>>>>>>> A counter example would go a long way to justifying the key hierarchy.
>>>>>>> Do you have one?
>>>>>>>
>>>>>>>> Personally,
>>>>>>>> I find it instructive to think about the implications of putting trust
>>>>>>>> in proxies. We discussed that in Vancouver and noted that billing
>>>>>>>> inconsistencies may be the result. If an operator is willing to handle
>>>>>>>> those through non-protocol means (and that's what many do today), we
>>>>>>>> should continue to allow that model of operation.
>>>>>>> I'm not saying we shouldn't allow that model of operation. In fact,
>>>>>>> I am acknowledging that the WG has consensus to allow it.
>>>>>>>
>>>>>>> What I am saying is that by allowing that model of operation we are
>>>>>>> agreeing to not address the problems it introduces. And that being the
>>>>>>> case the key hierarchy becomes extraneous, an unnecessary complexity
>>>>>>> that we should just do away with.
>>>>>>>
>>>>>>>> best wishes for the new year,
>>>>>>>> Lakshminath
>>>>>>> Thank you very much! I hope you have a great 2008.
>>>>>>>
>>>>>>> Dan.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> HOKEY mailing list
>>>>>>> HOKEY@ietf.org
>>>>>>> https://www1.ietf.org/mailman/listinfo/hokey
>>>>>>>
>>>>>>>
>>>>>>>
>>
>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Sat, 05 Jan 2008 23:35:48 +0000
Date: Sat, 5 Jan 2008 18:31:05 -0500
From: Yoshihiro Ohba <yohba@tari.toshiba.com>
To: Lakshminath Dondeti <ldondeti@qualcomm.com>
Cc: Dan Harkins <dharkins@lounge.org>, hokey@ietf.org, radext mailing list <radiusext@ops.ietf.org>
Subject: Re: [HOKEY] Review of draft-gaonkar-radext-erp-attrs-02.txt
Message-ID: <20080105233105.GC18731@steelhead.localdomain>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-2022-jp
Content-Disposition: inline
User-Agent: Mutt/1.5.17 (2007-11-01)
Why just not use inter-realm Kerberos to establish an end-to-end SA
between EAP server and DSR-KH, and then do DSRK distribution over the
established SA? Inter-realm Kerberos works with chain of trust and
should work with the case where AAA proxies are between EAP server and
DSR-KH. The past proposal about Kerberos over RADIUS indicated by
Bernard sounds like a good solution.
Yoshihiro Ohba
On Sat, Jan 05, 2008 at 11:22:41AM -0800, Lakshminath Dondeti wrote:
> The key however is that there was no real mechanism for end-to-end security
> that 4568 might recommend and now RAI is in another iteration for key
> management for SRTP.
>
> Lakshminath
>
> On 1/5/2008 11:13 AM, Yoshihiro Ohba wrote:
>> Lakshminath,
>>
>> Thank you for the pointer to RFC 4568.
>>
>> In my reading of RFC 4568, it recommends end-to-end security when the
>> communication path of the SDP message is routed through intermediate
>> systems like SIP proxies. IMO, end-to-end security (with Type 1
>> trust) should be the default model for any key distribution mechanism
>> even if hop-by-hop security is not totally prohibited for some use
>> cases.
>> Yoshihiro Ohba
>>
>>
>>
>> On Fri, Jan 04, 2008 at 04:58:42PM -0800, Lakshminath Dondeti wrote:
>>> Hi Yoshi,
>>>
>>> You are on the right track by exploring the implications of hop-by-hop
>>> security. In the case we are talking about, it may result in billing
>>> inconsistencies. That we have agreed is ok in some cases and perhaps not
>>> ok in others. This is a reasonable conclusion as illustrated elsewhere:
>>> In case of SIP proxies, hop-by-hop security implies that proxies may be
>>> able to compromise end-to-end user data/media confidentiality. In this
>>> case, end-to-end security may be compromised and we have an assortment of
>>> techniques at the IETF to deal with the problem. The proxy model is
>>> allowed however. There are key distribution mechanisms (RFC 4568) which
>>> work with the proxy model in mind.
>>>
>>> best wishes for 2008,
>>> Lakshminath
>>>
>>> On 1/4/2008 4:27 PM, Yoshihiro Ohba wrote:
>>>> I can see two conflicting types of trust for hop-by-hop security to
>>>> work.
>>>>
>>>> Type 1 trust: Trusted entities can use any keys that they have access
>>>> to, regardless of how they are distributed.
>>>>
>>>> Type 2 trust: Trusted entities will not use keys distributed to others
>>>> even if they have access to the keys.
>>>>
>>>> In Type 1 trust, multiple trusted entities are actually sharing keys
>>>> for use, and thus key hierarchy is not needed. In Type 2 trust, key
>>>> hierarchy is still needed. Also, there is no
>>>> Type 2 trust in end-to-end security. To me, Type 2 trust is similar
>>>> to a real-world case where we need to trust how a check-in baggage
>>>> will be inspected and treated once it is checked in. Inspectors have
>>>> the right to access to the baggage contents for the purpose of airline
>>>> security, but airline customers (need to) trust them that they will
>>>> not use the contents.
>>>>
>>>> The issue seems to be which trust model (or something else) is
>>>> acceptable for us. In my personal opinion, Type 2 trust is not
>>>> desirable from security perspective, unless AAA proxies really need to
>>>> access to the keys to improve AAA secuirty.
>>>>
>>>> Yoshihiro Ohba
>>>>
>>>>
>>>>
>>>>
>>>> On Fri, Jan 04, 2008 at 11:37:43AM -0800, Dan Harkins wrote:
>>>>> Hi Lakshminath,
>>>>>
>>>>> On Fri, January 4, 2008 8:58 am, Lakshminath Dondeti wrote:
>>>>> [snip]
>>>>>> Hi Dan,
>>>>>>
>>>>>> I am trying to understand the direction of the discussion here:
>>>>>>
>>>>>> When there is end-to-end security, it appears that we have agreement
>>>>>> that a key hierarchy is necessary.
>>>>> No, that's not what I'm saying.
>>>>>
>>>>>> When there is hop-by-hop security, you are making the argument that the
>>>>>> DSRK hierarchy is not necessary and that we can use other techniques to
>>>>>> make things work. Isn't it simpler to have the same key hierarchy
>>>>>> irrespective of the protection policies in the AAA network? Besides,
>>>>>> the different DSRKs would allow the peer to help the home network verify
>>>>>> the accounting information, for instance.
>>>>> We have to deal with the system holistically and not dissect it into
>>>>> parts and quibble over "hop-by-hop" or "end-to-end" and whether they apply
>>>>> to one part or the other. The issue is what is the threat model for the
>>>>> holistic system?
>>>>>
>>>>> If proxies are permitted, and they are, then the problems they introduce
>>>>> have to be accepted. We have consensus to do that. It is my contention
>>>>> that the key hierarchy attempts to address those problems that we have
>>>>> already accepted into our system due to proxies so I feel the key
>>>>> hierarchy is an unnecessary complexity.
>>>>>
>>>>> Of course I may be all wrong. If someone could just tell me exactly
>>>>> what problem will completely go away by having this key hierarchy I would
>>>>> greatly appreciate it. Can you tell me?
>>>>>
>>>>>> We talked about the reasoning for the DSRK hierarchy for a long time and
>>>>>> achieved consensus. I understand that you are bringing up these
>>>>>> questions again with the hop-by-hop security model in mind.
>>>>> The goalposts have moved. The discussion about the key hierarchy was
>>>>> held back when we were still arguing over a 3 party protocol. That was
>>>>> when disclosure of keys to people who are not the intended recipient
>>>>> was a problem we were going to address. But I have come to the realization
>>>>> that the working group is not interested in a protocol that could not work
>>>>> in the presence of proxies and that the working group now feels that that
>>>>> problem is not something that needs addressing.
>>>>>
>>>>> I believe that the problems that proxies introduce are the same ones that
>>>>> arise when a key is shared between domains. The key hierarchy addresses the
>>>>> latter but not the former. Since WG consensus is that the former is not
>>>>> something that needs addressing I question why the latter needs addressing.
>>>>>
>>>>> A counter example would go a long way to justifying the key hierarchy.
>>>>> Do you have one?
>>>>>
>>>>>> Personally,
>>>>>> I find it instructive to think about the implications of putting trust
>>>>>> in proxies. We discussed that in Vancouver and noted that billing
>>>>>> inconsistencies may be the result. If an operator is willing to handle
>>>>>> those through non-protocol means (and that's what many do today), we
>>>>>> should continue to allow that model of operation.
>>>>> I'm not saying we shouldn't allow that model of operation. In fact,
>>>>> I am acknowledging that the WG has consensus to allow it.
>>>>>
>>>>> What I am saying is that by allowing that model of operation we are
>>>>> agreeing to not address the problems it introduces. And that being the
>>>>> case the key hierarchy becomes extraneous, an unnecessary complexity
>>>>> that we should just do away with.
>>>>>
>>>>>> best wishes for the new year,
>>>>>> Lakshminath
>>>>> Thank you very much! I hope you have a great 2008.
>>>>>
>>>>> Dan.
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> HOKEY mailing list
>>>>> HOKEY@ietf.org
>>>>> https://www1.ietf.org/mailman/listinfo/hokey
>>>>>
>>>>>
>>>>>
>>>
>>
>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Sat, 05 Jan 2008 19:16:40 +0000
Date: Sat, 5 Jan 2008 14:13:59 -0500
From: Yoshihiro Ohba <yohba@tari.toshiba.com>
To: Lakshminath Dondeti <ldondeti@qualcomm.com>
Cc: Dan Harkins <dharkins@lounge.org>, hokey@ietf.org, radext mailing list <radiusext@ops.ietf.org>
Subject: Re: [HOKEY] Review of draft-gaonkar-radext-erp-attrs-02.txt
Message-ID: <20080105191359.GB18731@steelhead.localdomain>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-2022-jp
Content-Disposition: inline
User-Agent: Mutt/1.5.17 (2007-11-01)
Lakshminath,
Thank you for the pointer to RFC 4568.
In my reading of RFC 4568, it recommends end-to-end security when the
communication path of the SDP message is routed through intermediate
systems like SIP proxies. IMO, end-to-end security (with Type 1
trust) should be the default model for any key distribution mechanism
even if hop-by-hop security is not totally prohibited for some use
cases.
Yoshihiro Ohba
On Fri, Jan 04, 2008 at 04:58:42PM -0800, Lakshminath Dondeti wrote:
> Hi Yoshi,
>
> You are on the right track by exploring the implications of hop-by-hop
> security. In the case we are talking about, it may result in billing
> inconsistencies. That we have agreed is ok in some cases and perhaps not
> ok in others. This is a reasonable conclusion as illustrated elsewhere:
> In case of SIP proxies, hop-by-hop security implies that proxies may be
> able to compromise end-to-end user data/media confidentiality. In this
> case, end-to-end security may be compromised and we have an assortment of
> techniques at the IETF to deal with the problem. The proxy model is
> allowed however. There are key distribution mechanisms (RFC 4568) which
> work with the proxy model in mind.
>
> best wishes for 2008,
> Lakshminath
>
> On 1/4/2008 4:27 PM, Yoshihiro Ohba wrote:
>> I can see two conflicting types of trust for hop-by-hop security to
>> work.
>>
>> Type 1 trust: Trusted entities can use any keys that they have access
>> to, regardless of how they are distributed.
>>
>> Type 2 trust: Trusted entities will not use keys distributed to others
>> even if they have access to the keys.
>>
>> In Type 1 trust, multiple trusted entities are actually sharing keys
>> for use, and thus key hierarchy is not needed.
>> In Type 2 trust, key hierarchy is still needed. Also, there is no
>> Type 2 trust in end-to-end security. To me, Type 2 trust is similar
>> to a real-world case where we need to trust how a check-in baggage
>> will be inspected and treated once it is checked in. Inspectors have
>> the right to access to the baggage contents for the purpose of airline
>> security, but airline customers (need to) trust them that they will
>> not use the contents.
>>
>> The issue seems to be which trust model (or something else) is
>> acceptable for us. In my personal opinion, Type 2 trust is not
>> desirable from security perspective, unless AAA proxies really need to
>> access to the keys to improve AAA secuirty.
>>
>> Yoshihiro Ohba
>>
>>
>>
>>
>> On Fri, Jan 04, 2008 at 11:37:43AM -0800, Dan Harkins wrote:
>>> Hi Lakshminath,
>>>
>>> On Fri, January 4, 2008 8:58 am, Lakshminath Dondeti wrote:
>>> [snip]
>>>> Hi Dan,
>>>>
>>>> I am trying to understand the direction of the discussion here:
>>>>
>>>> When there is end-to-end security, it appears that we have agreement
>>>> that a key hierarchy is necessary.
>>> No, that's not what I'm saying.
>>>
>>>> When there is hop-by-hop security, you are making the argument that the
>>>> DSRK hierarchy is not necessary and that we can use other techniques to
>>>> make things work. Isn't it simpler to have the same key hierarchy
>>>> irrespective of the protection policies in the AAA network? Besides,
>>>> the different DSRKs would allow the peer to help the home network verify
>>>> the accounting information, for instance.
>>> We have to deal with the system holistically and not dissect it into
>>> parts and quibble over "hop-by-hop" or "end-to-end" and whether they apply
>>> to one part or the other. The issue is what is the threat model for the
>>> holistic system?
>>>
>>> If proxies are permitted, and they are, then the problems they introduce
>>> have to be accepted. We have consensus to do that. It is my contention
>>> that the key hierarchy attempts to address those problems that we have
>>> already accepted into our system due to proxies so I feel the key
>>> hierarchy is an unnecessary complexity.
>>>
>>> Of course I may be all wrong. If someone could just tell me exactly
>>> what problem will completely go away by having this key hierarchy I would
>>> greatly appreciate it. Can you tell me?
>>>
>>>> We talked about the reasoning for the DSRK hierarchy for a long time and
>>>> achieved consensus. I understand that you are bringing up these
>>>> questions again with the hop-by-hop security model in mind.
>>> The goalposts have moved. The discussion about the key hierarchy was
>>> held back when we were still arguing over a 3 party protocol. That was
>>> when disclosure of keys to people who are not the intended recipient
>>> was a problem we were going to address. But I have come to the realization
>>> that the working group is not interested in a protocol that could not work
>>> in the presence of proxies and that the working group now feels that that
>>> problem is not something that needs addressing.
>>>
>>> I believe that the problems that proxies introduce are the same ones that
>>> arise when a key is shared between domains. The key hierarchy addresses the
>>> latter but not the former. Since WG consensus is that the former is not
>>> something that needs addressing I question why the latter needs addressing.
>>>
>>> A counter example would go a long way to justifying the key hierarchy.
>>> Do you have one?
>>>
>>>> Personally,
>>>> I find it instructive to think about the implications of putting trust
>>>> in proxies. We discussed that in Vancouver and noted that billing
>>>> inconsistencies may be the result. If an operator is willing to handle
>>>> those through non-protocol means (and that's what many do today), we
>>>> should continue to allow that model of operation.
>>> I'm not saying we shouldn't allow that model of operation. In fact,
>>> I am acknowledging that the WG has consensus to allow it.
>>>
>>> What I am saying is that by allowing that model of operation we are
>>> agreeing to not address the problems it introduces. And that being the
>>> case the key hierarchy becomes extraneous, an unnecessary complexity
>>> that we should just do away with.
>>>
>>>> best wishes for the new year,
>>>> Lakshminath
>>> Thank you very much! I hope you have a great 2008.
>>>
>>> Dan.
>>>
>>>
>>>
>>> _______________________________________________
>>> HOKEY mailing list
>>> HOKEY@ietf.org
>>> https://www1.ietf.org/mailman/listinfo/hokey
>>>
>>>
>>>
>>
>
>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Sat, 05 Jan 2008 01:26:06 +0000
DomainKey-Signature: s=qcdkim; d=qualcomm.com; c=nofws; q=dns; h=X-IronPort-AV:Received:Received:Received:Received: X-MimeOLE:Content-class:MIME-Version:Content-Type: Content-Transfer-Encoding:Subject:Date:Message-ID: In-Reply-To:X-MS-Has-Attach:X-MS-TNEF-Correlator: Thread-Topic:Thread-Index:References:From:To:Cc: X-OriginalArrivalTime; b=qAgqrkF2wTR4OTXmgdMIEzVtqjJUyeYB1cc8Wf8mK4ZebUleOKoZla59 +MoRoVIrlwJddxcVp+q2AjF7zGSPRqO+/qBh+NwEmnxsuLUtFkt9ETWIj K+6LZIc+GgUFv8VGQXjXjCOBzNLFIQb2cz2JnK6/unRNJJmDjxme5WZeV I=;
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [HOKEY] Review of draft-gaonkar-radext-erp-attrs-02.txt
Date: Fri, 4 Jan 2008 17:24:46 -0800
Message-ID: <C24CB51D5AA800449982D9BCB9032513C22800@NAEX13.na.qualcomm.com>
Thread-Topic: [HOKEY] Review of draft-gaonkar-radext-erp-attrs-02.txt
Thread-Index: AchOqWwqW36f0dOLSmOA8haeg7FMYQAialwQ
From: "Narayanan, Vidya" <vidyan@qualcomm.com>
To: <Bernard_Aboba@hotmail.com>, <radiusext@ops.ietf.org>
Cc: <hokey@ietf.org>
Hi Bernard,
> -----Original Message-----
> From: owner-radiusext@ops.ietf.org=20
> [mailto:owner-radiusext@ops.ietf.org] On Behalf Of=20
> Bernard_Aboba@hotmail.com
> Sent: Friday, January 04, 2008 12:11 AM
> To: radiusext@ops.ietf.org
> Cc: hokey@ietf.org
> Subject: Re: [HOKEY] Review of draft-gaonkar-radext-erp-attrs-02.txt
>=20
> >When the peer, the local domain and the AAA-Home also =20
> support ERP, a=20
> >DSRK (DSRK1) may be requested by the local ER server A at =20
> the time of=20
> >the EAP exchange.
>=20
> Some questions:
>=20
> 1. Is the "Local ER server" always a RADIUS client? =20
Yes, it is both a client and a server. It is a client from the
perspective that it requests for the key material from a RADIUS server
and a server from the perspective that it will later serve NASs during
reauthentication.=20
> The=20
> ERX document=20
> seems to
> indicate that this might not always be the case.
>=20
Could you please point out where? I just scanned the ERX document and
except for describing a specific security consideration with the use of
RADIUS, the document only seems to have pointers to the RADIUS and
Diameter documents. Perhaps I missed it. =20
> 2. How is the request for the DSRK made by the "local ER=20
> server"? Is the
> request authenticated with user credentials? How does the=20
> RADIUS server determine if the Request is valid?
>=20
The request for DSRK is made with a RADIUS attribute or Diameter AVP in
an ERP bootstrapping exchange initiated by the peer or the first EAP
Response message coming from the peer in a regular EAP exchange. The
EAP or ERP exchange authenticates the peer and upon successful
authentication, a DSRK is included along with ER Finish or EAP Success
for the local ER server. This is not much unlike providing the MSK to
the NAS, except that there is no explicit request for an MSK. =20
> 3. How does the RADIUS server know how to reach the "Local ER server"?
> The ERX document talks about a "Domain Identity". How does=20
> the RADIUS server use the "Domain Identity" to determine what=20
> RADIUS client to send a packet to?
> Is there an assumption that the "Local ER server" is one hop=20
> away from the home RADIUS server? What attributes need to be=20
> placed within an Access-Accept to ensure that the packet is=20
> routed to the "local server"?
>=20
The local ER server must be in the path of the full EAP exchange or the
ERP bootstrapping exchange of the peer in order to request and receive a
DSRK. This text was present in draft-gaonkar-radext-erp-attrs-01 and I
notice that it is missing in 02. We will fix that. The packet is
routed just using regular AAA routing - the requesting entity's identity
is part of the attribute defined, which will provide an FQDN or IP
address of the local ER server requesting the key - this is present in
the Access-Accept as well. The local ER server that requested the DSRK
will look for this attribute in the Access-Accept. =20
> 4. In Figure 1, the ERX document shows the following flow:
>=20
> [<-- EAP-Request/ ------
> Identity]
> [<-- EAP Initiate/ ------
> Reauth-Start]
>=20
> Is this a typo? The figure shows that the=20
> EAP-Request/Identity isn't being responded to by the peer. =20
> If the peer implements RFC 3748, won't it send an=20
> EAP-Response, which will be passed to the RADIUS server,=20
> which will then initiate EAP?=20
The idea behind sending both EAP-Request/Identity and
EAP-Initiate/Reauth-Start is that the network can initiate regular EAP
or re-authentication when it wants. A peer that supports ERX and
possesses a valid EMSK should respond only to the
EAP-Initiate/Reauth-Start. The EAP process may timeout or the
authenticator, upon receiving the EAP-Initiate/Reauth-Start may
terminate EAP. =20
> Figure 1
> seems to show the EAP peer ignoring the EAP-Request, which=20
> implies that it needs to wait for some period of time for=20
> another message, which
> might or might not arrive. How long should it wait?
>=20
Not sure why the peer would wait.. It sees that the authenticator
supports ERX and knows that it possesses a valid EMSK - so, it just
proceeds with the ERP exchange.=20
> If the peer doesn't respond to the EAP-Request/Identity,=20
> according to RFC
> 3748
> and RFC 4137, the NAS will retransmit. So we'll have two EAP=20
> conversations going on at once?
>=20
As I note above, the authenticator may retransmit the
EAP-Request/Identity, in which case it will timeout or it may terminate
EAP when it receives the EAP-Initiate/Reauth-Start. A smart
implementation should do the latter. Even upon retransmission of the
EAP-Request/Identity, there isn't really an issue, since, the identifier
for EAP-Initiate is picked by the peer. Hence, the EAP code (Initiate),
along with the identifier value, will distinguish this exchange from an
EAP-Request transmitted by the authenticator. =20
> 5. In Figure 2, the peer is initiating what would appear to=20
> be a standard
> RADIUS/EAP conversation via the EAP-Response/Identity. However, it
> would appear that the EAP Response/Identity is being=20
> "augmented" by the local server. It's hard for me to tell=20
> from the figure whether the [DSRK Req, Domain Identity] is=20
> being inserted within the EAP-Response/Identity, or whether=20
> it represents separate RADIUS attributes. Can you clarify?
>=20
It represents separate RADIUS attributes.=20
> 6. If the "local 'server" isn't on the path between the NAS=20
> and the home server
> (as it might not be, because of failover), what happens? =20
> Does each proxy
> also need to host a "local server" to make sure that doesn't occur?
> If the "local server" is not on the path, then it seems like=20
> two distinct messages
> would be required. Is there an expectation that the RADIUS=20
> Access-Accept
> will be multicast, or that two distinct RADIUS Access-Accept=20
> packets will be sent?
>=20
>=20
As written, the protocol only supports the case where the local ER
server is in the path between the NAS and home server. There was some
interest in later supporting the case where it is not in the path, but
there is no proposal to support that option now.=20
Thanks,
Vidya
>=20
> =20
>=20
>=20
> --
> to unsubscribe send a message to=20
> radiusext-request@ops.ietf.org with the word 'unsubscribe' in=20
> a single line as the message text body.
> archive: <http://psg.com/lists/radiusext/>
>=20
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Sat, 05 Jan 2008 00:29:11 +0000
Date: Fri, 4 Jan 2008 19:27:44 -0500
From: Yoshihiro Ohba <yohba@tari.toshiba.com>
To: Dan Harkins <dharkins@lounge.org>
Cc: Lakshminath Dondeti <ldondeti@qualcomm.com>, hokey@ietf.org, radext mailing list <radiusext@ops.ietf.org>
Subject: Re: [HOKEY] Review of draft-gaonkar-radext-erp-attrs-02.txt
Message-ID: <20080105002744.GB15789@steelhead.localdomain>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-2022-jp
Content-Disposition: inline
User-Agent: Mutt/1.5.17 (2007-11-01)
I can see two conflicting types of trust for hop-by-hop security to
work.
Type 1 trust: Trusted entities can use any keys that they have access
to, regardless of how they are distributed.
Type 2 trust: Trusted entities will not use keys distributed to others
even if they have access to the keys.
In Type 1 trust, multiple trusted entities are actually sharing keys
for use, and thus key hierarchy is not needed.
In Type 2 trust, key hierarchy is still needed. Also, there is no
Type 2 trust in end-to-end security. To me, Type 2 trust is similar
to a real-world case where we need to trust how a check-in baggage
will be inspected and treated once it is checked in. Inspectors have
the right to access to the baggage contents for the purpose of airline
security, but airline customers (need to) trust them that they will
not use the contents.
The issue seems to be which trust model (or something else) is
acceptable for us. In my personal opinion, Type 2 trust is not
desirable from security perspective, unless AAA proxies really need to
access to the keys to improve AAA secuirty.
Yoshihiro Ohba
On Fri, Jan 04, 2008 at 11:37:43AM -0800, Dan Harkins wrote:
>
> Hi Lakshminath,
>
> On Fri, January 4, 2008 8:58 am, Lakshminath Dondeti wrote:
> [snip]
> > Hi Dan,
> >
> > I am trying to understand the direction of the discussion here:
> >
> > When there is end-to-end security, it appears that we have agreement
> > that a key hierarchy is necessary.
>
> No, that's not what I'm saying.
>
> > When there is hop-by-hop security, you are making the argument that the
> > DSRK hierarchy is not necessary and that we can use other techniques to
> > make things work. Isn't it simpler to have the same key hierarchy
> > irrespective of the protection policies in the AAA network? Besides,
> > the different DSRKs would allow the peer to help the home network verify
> > the accounting information, for instance.
>
> We have to deal with the system holistically and not dissect it into
> parts and quibble over "hop-by-hop" or "end-to-end" and whether they apply
> to one part or the other. The issue is what is the threat model for the
> holistic system?
>
> If proxies are permitted, and they are, then the problems they introduce
> have to be accepted. We have consensus to do that. It is my contention
> that the key hierarchy attempts to address those problems that we have
> already accepted into our system due to proxies so I feel the key
> hierarchy is an unnecessary complexity.
>
> Of course I may be all wrong. If someone could just tell me exactly
> what problem will completely go away by having this key hierarchy I would
> greatly appreciate it. Can you tell me?
>
> > We talked about the reasoning for the DSRK hierarchy for a long time and
> > achieved consensus. I understand that you are bringing up these
> > questions again with the hop-by-hop security model in mind.
>
> The goalposts have moved. The discussion about the key hierarchy was
> held back when we were still arguing over a 3 party protocol. That was
> when disclosure of keys to people who are not the intended recipient
> was a problem we were going to address. But I have come to the realization
> that the working group is not interested in a protocol that could not work
> in the presence of proxies and that the working group now feels that that
> problem is not something that needs addressing.
>
> I believe that the problems that proxies introduce are the same ones that
> arise when a key is shared between domains. The key hierarchy addresses the
> latter but not the former. Since WG consensus is that the former is not
> something that needs addressing I question why the latter needs addressing.
>
> A counter example would go a long way to justifying the key hierarchy.
> Do you have one?
>
> > Personally,
> > I find it instructive to think about the implications of putting trust
> > in proxies. We discussed that in Vancouver and noted that billing
> > inconsistencies may be the result. If an operator is willing to handle
> > those through non-protocol means (and that's what many do today), we
> > should continue to allow that model of operation.
>
> I'm not saying we shouldn't allow that model of operation. In fact,
> I am acknowledging that the WG has consensus to allow it.
>
> What I am saying is that by allowing that model of operation we are
> agreeing to not address the problems it introduces. And that being the
> case the key hierarchy becomes extraneous, an unnecessary complexity
> that we should just do away with.
>
> > best wishes for the new year,
> > Lakshminath
>
> Thank you very much! I hope you have a great 2008.
>
> Dan.
>
>
>
> _______________________________________________
> HOKEY mailing list
> HOKEY@ietf.org
> https://www1.ietf.org/mailman/listinfo/hokey
>
>
>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Fri, 04 Jan 2008 23:51:35 +0000
From: "Glen Zorn" <glenzorn@comcast.net>
To: <glenzorn@hotmail.com>
Cc: <radiusext@ops.ietf.org>
Subject: test
Date: Fri, 4 Jan 2008 15:49:52 -0800
Message-ID: <00a501c84f2c$80c48fe0$824dafa0$@net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_00A6_01C84EE9.72A14FE0"
Thread-Index: AchPLIALvFYXq5x1Qp2ORzI5Mpvmkw==
Content-Language: en-us
This is a multipart message in MIME format.
------=_NextPart_000_00A6_01C84EE9.72A14FE0
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: 7bit
------=_NextPart_000_00A6_01C84EE9.72A14FE0
Content-Type: text/html;
charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns=3D"http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3DEN-US link=3Dblue vlink=3Dpurple>
<div class=3DSection1>
<p class=3DMsoNormal><o:p> </o:p></p>
</div>
</body>
</html>
------=_NextPart_000_00A6_01C84EE9.72A14FE0--
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Fri, 04 Jan 2008 19:38:48 +0000
Message-ID: <2069.69.12.173.8.1199475463.squirrel@www.trepanning.net>
Date: Fri, 4 Jan 2008 11:37:43 -0800 (PST)
Subject: Re: [HOKEY] Review of draft-gaonkar-radext-erp-attrs-02.txt
From: "Dan Harkins" <dharkins@lounge.org>
To: "Lakshminath Dondeti" <ldondeti@qualcomm.com>
Cc: "Dan Harkins" <dharkins@lounge.org>, "Narayanan, Vidya" <vidyan@qualcomm.com>, "radext mailing list" <radiusext@ops.ietf.org>, hokey@ietf.org
User-Agent: SquirrelMail/1.4.8
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Hi Lakshminath,
On Fri, January 4, 2008 8:58 am, Lakshminath Dondeti wrote:
[snip]
> Hi Dan,
>
> I am trying to understand the direction of the discussion here:
>
> When there is end-to-end security, it appears that we have agreement
> that a key hierarchy is necessary.
No, that's not what I'm saying.
> When there is hop-by-hop security, you are making the argument that the
> DSRK hierarchy is not necessary and that we can use other techniques to
> make things work. Isn't it simpler to have the same key hierarchy
> irrespective of the protection policies in the AAA network? Besides,
> the different DSRKs would allow the peer to help the home network verify
> the accounting information, for instance.
We have to deal with the system holistically and not dissect it into
parts and quibble over "hop-by-hop" or "end-to-end" and whether they apply
to one part or the other. The issue is what is the threat model for the
holistic system?
If proxies are permitted, and they are, then the problems they introduce
have to be accepted. We have consensus to do that. It is my contention
that the key hierarchy attempts to address those problems that we have
already accepted into our system due to proxies so I feel the key
hierarchy is an unnecessary complexity.
Of course I may be all wrong. If someone could just tell me exactly
what problem will completely go away by having this key hierarchy I would
greatly appreciate it. Can you tell me?
> We talked about the reasoning for the DSRK hierarchy for a long time and
> achieved consensus. I understand that you are bringing up these
> questions again with the hop-by-hop security model in mind.
The goalposts have moved. The discussion about the key hierarchy was
held back when we were still arguing over a 3 party protocol. That was
when disclosure of keys to people who are not the intended recipient
was a problem we were going to address. But I have come to the realization
that the working group is not interested in a protocol that could not work
in the presence of proxies and that the working group now feels that that
problem is not something that needs addressing.
I believe that the problems that proxies introduce are the same ones that
arise when a key is shared between domains. The key hierarchy addresses the
latter but not the former. Since WG consensus is that the former is not
something that needs addressing I question why the latter needs addressing.
A counter example would go a long way to justifying the key hierarchy.
Do you have one?
> Personally,
> I find it instructive to think about the implications of putting trust
> in proxies. We discussed that in Vancouver and noted that billing
> inconsistencies may be the result. If an operator is willing to handle
> those through non-protocol means (and that's what many do today), we
> should continue to allow that model of operation.
I'm not saying we shouldn't allow that model of operation. In fact,
I am acknowledging that the WG has consensus to allow it.
What I am saying is that by allowing that model of operation we are
agreeing to not address the problems it introduces. And that being the
case the key hierarchy becomes extraneous, an unnecessary complexity
that we should just do away with.
> best wishes for the new year,
> Lakshminath
Thank you very much! I hope you have a great 2008.
Dan.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Fri, 04 Jan 2008 17:21:28 +0000
Message-ID: <BAY117-W490FFC66E720F9A360C44934C0@phx.gbl>
Content-Type: multipart/alternative; boundary="_00a39560-8c20-42b1-a8f7-9c046c0e0e28_"
From: Bernard Aboba <bernard_aboba@hotmail.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
CC: <radiusext@ops.ietf.org>, <hokey@ietf.org>
Subject: RE: AAA Routing with EAP-ER
Date: Fri, 4 Jan 2008 09:20:05 -0800
MIME-Version: 1.0
--_00a39560-8c20-42b1-a8f7-9c046c0e0e28_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
I think this makes the assumption that every Diameter agent advertising
support for the ERX application understands ERX. While Diameter auth=20
servers do need to understand the application to advertise it, Diameter age=
nts=20
may only be able to forward the messages. =20
=20
This could become an issue if there is an expectation that the "local serve=
r"
will process a packet whose NAI realm is not the local realm. Instead of
processing the packet, the Diameter agent would forward the packet to
the server corresponding to the NAI realm (e.g. the home server).=20
=20
The issue is that there is no equivalent of the "router alert" option for
AAA.=20
=20
> Date: Fri, 4 Jan 2008 11:56:35 +0100> From: Hannes.Tschofenig@gmx.net> To=
: Bernard_Aboba@hotmail.com> CC: radiusext@ops.ietf.org; hokey@ietf.org> Su=
bject: AAA Routing with EAP-ER> > Working on> http://tools.ietf.org/wg/dime=
/draft-dondeti-dime-erp-diameter-01.txt> the question of defining AVPs vs. =
defining a new Diameter application > showed up.> > I wrote a section about=
this into that draft and I wonder whether my > assumptions are reasonable:=
> > 3. Assumptions> > This document defines additional optional AVPs for us=
age with the> Diameter EAP application. Routing of these messages is theref=
ore> provided via the Diameter Application Identifier (among other> element=
s), as specified by the Diameter Base protocol [4]. Based on> the deploymen=
t of ERP, a local Diameter server (the same entity> serves as a Diameter pr=
oxy during the full EAP authentication) may> play the role of the ER server=
for future re-authentication attempts.> As such, the local Diameter server=
requesting the DSRK needs to be in> the path of the current EAP exchange b=
etween the peer and the EAP> server and also along the path in the future. =
The Diameter client is > furthermore assumed to be able to route the re-aut=
hentication > messages to the ER server.> > > Depending on some of the answ=
ers to the questions raised in this > discussion it might be necessary to d=
efine a new Diameter application > rather than just defining new AVPs.> > C=
iao> Hannes> > > Bernard_Aboba@hotmail.com wrote:> >> When the peer, the lo=
cal domain and the AAA-Home also> >> support ERP, a DSRK (DSRK1) may be req=
uested by the local ER server A at> >> the time of the EAP exchange.> >> > =
Some questions:> >> > 1. Is the "Local ER server" always a RADIUS client? T=
he ERX > > document seems to> > indicate that this might not always be the =
case.> >> > 2. How is the request for the DSRK made by the "local ER server=
"? > > Is the> > request authenticated with user credentials? How does the =
RADIUS server> > determine if the Request is valid?> >> > 3. How does the R=
ADIUS server know how to reach the "Local ER server"?> > The ERX document t=
alks about a "Domain Identity". How does the RADIUS > > server> > use the "=
Domain Identity" to determine what RADIUS client to send a > > packet to?> =
> Is there an assumption that the "Local ER server" is one hop away from > =
> the> > home RADIUS server? What attributes need to be placed within an > =
> Access-Accept> > to ensure that the packet is routed to the "local server=
"?> >> > 4. In Figure 1, the ERX document shows the following flow:> >> > [=
<-- EAP-Request/ ------> > Identity]> > [<-- EAP Initiate/ ------> > Reauth=
-Start]> >> > Is this a typo? The figure shows that the EAP-Request/Identit=
y isn't > > being responded> > to by the peer. If the peer implements RFC 3=
748, won't it send an > > EAP-Response,> > which will be passed to the RADI=
US server, which will then initiate > > EAP? Figure 1> > seems to show the =
EAP peer ignoring the EAP-Request, which> > implies that it needs to wait f=
or some period of time for another > > message, which> > might or might not=
arrive. How long should it wait?> >> > If the peer doesn't respond to the =
EAP-Request/Identity, according to > > RFC 3748> > and RFC 4137, the NAS wi=
ll retransmit. So we'll have two EAP > > conversations> > going on at once?=
> >> > 5. In Figure 2, the peer is initiating what would appear to be a > >=
standard> > RADIUS/EAP conversation via the EAP-Response/Identity. However=
, it> > would appear that the EAP Response/Identity is being "augmented" by=
> > the local server. It's hard for me to tell from the figure whether the>=
> [DSRK Req, Domain Identity] is being inserted within the > > EAP-Respons=
e/Identity,> > or whether it represents separate RADIUS attributes. Can you=
clarify?> >> > 6. If the "local 'server" isn't on the path between the NAS=
and the > > home server> > (as it might not be, because of failover), what=
happens? Does each > > proxy> > also need to host a "local server" to make=
sure that doesn't occur?> > If the "local server" is not on the path, then=
it seems like two > > distinct messages> > would be required. Is there an =
expectation that the RADIUS > > Access-Accept> > will be multicast, or that=
two distinct RADIUS Access-Accept packets will> > be sent?> >> >> >> >> >>=
>> > -- > > to unsubscribe send a message to radiusext-request@ops.ietf.or=
g with> > the word 'unsubscribe' in a single line as the message text body.=
> > archive: <http://psg.com/lists/radiusext/>> =
--_00a39560-8c20-42b1-a8f7-9c046c0e0e28_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<style>
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
FONT-SIZE: 10pt;
FONT-FAMILY:Tahoma
}
</style>
</head>
<body class=3D'hmmessage'>
I think this makes the assumption that every Diameter agent advertisin=
g<BR>
support for the ERX application understands ERX. While Diameter auth =
<BR>
servers do need to understand the application to advertise it, Diameter age=
nts <BR>
may only be able to forward the messages. <BR>
<BR>
This could become an issue if there is an expectation that the "local serve=
r"<BR>
will process a packet whose NAI realm is not the local realm. Instead=
of<BR>
processing the packet, the Diameter agent would forward the packet to<BR>
the server corresponding to the NAI realm (e.g. the home server). <BR>
<BR>
The issue is that there is no equivalent of the "router alert" option for<B=
R>
AAA. <BR>
<BR>
<BR><BR>> Date: Fri, 4 Jan 2008 11:56:35 +0100<BR>> From: Hannes.Tsch=
ofenig@gmx.net<BR>> To: Bernard_Aboba@hotmail.com<BR>> CC: radiusext@=
ops.ietf.org; hokey@ietf.org<BR>> Subject: AAA Routing with EAP-ER<BR>&g=
t; <BR>> Working on<BR>> http://tools.ietf.org/wg/dime/draft-dondeti-=
dime-erp-diameter-01.txt<BR>> the question of defining AVPs vs. defining=
a new Diameter application <BR>> showed up.<BR>> <BR>> I wrote a =
section about this into that draft and I wonder whether my <BR>> assumpt=
ions are reasonable:<BR>> <BR>> 3. Assumptions<BR>> <BR>> This =
document defines additional optional AVPs for usage with the<BR>> Diamet=
er EAP application. Routing of these messages is therefore<BR>> provided=
via the Diameter Application Identifier (among other<BR>> elements), as=
specified by the Diameter Base protocol [4]. Based on<BR>> the deployme=
nt of ERP, a local Diameter server (the same entity<BR>> serves as a Dia=
meter proxy during the full EAP authentication) may<BR>> play the role o=
f the ER server for future re-authentication attempts.<BR>> As such, the=
local Diameter server requesting the DSRK needs to be in<BR>> the path =
of the current EAP exchange between the peer and the EAP<BR>> server and=
also along the path in the future. The Diameter client is <BR>> further=
more assumed to be able to route the re-authentication <BR>> messages to=
the ER server.<BR>> <BR>> <BR>> Depending on some of the answers =
to the questions raised in this <BR>> discussion it might be necessary t=
o define a new Diameter application <BR>> rather than just defining new =
AVPs.<BR>> <BR>> Ciao<BR>> Hannes<BR>> <BR>> <BR>> Bernar=
d_Aboba@hotmail.com wrote:<BR>> >> When the peer, the local domain=
and the AAA-Home also<BR>> >> support ERP, a DSRK (DSRK1) may be =
requested by the local ER server A at<BR>> >> the time of the EAP =
exchange.<BR>> ><BR>> > Some questions:<BR>> ><BR>> &g=
t; 1. Is the "Local ER server" always a RADIUS client? The ERX <BR>> >=
; document seems to<BR>> > indicate that this might not always be the=
case.<BR>> ><BR>> > 2. How is the request for the DSRK made by=
the "local ER server"? <BR>> > Is the<BR>> > request authentic=
ated with user credentials? How does the RADIUS server<BR>> > determi=
ne if the Request is valid?<BR>> ><BR>> > 3. How does the RADIU=
S server know how to reach the "Local ER server"?<BR>> > The ERX docu=
ment talks about a "Domain Identity". How does the RADIUS <BR>> > ser=
ver<BR>> > use the "Domain Identity" to determine what RADIUS client =
to send a <BR>> > packet to?<BR>> > Is there an assumption that=
the "Local ER server" is one hop away from <BR>> > the<BR>> > =
home RADIUS server? What attributes need to be placed within an <BR>> &g=
t; Access-Accept<BR>> > to ensure that the packet is routed to the "l=
ocal server"?<BR>> ><BR>> > 4. In Figure 1, the ERX document sh=
ows the following flow:<BR>> ><BR>> > [<-- EAP-Request/ ----=
--<BR>> > Identity]<BR>> > [<-- EAP Initiate/ ------<BR>>=
> Reauth-Start]<BR>> ><BR>> > Is this a typo? The figure sh=
ows that the EAP-Request/Identity isn't <BR>> > being responded<BR>&g=
t; > to by the peer. If the peer implements RFC 3748, won't it send an <=
BR>> > EAP-Response,<BR>> > which will be passed to the RADIUS =
server, which will then initiate <BR>> > EAP? Figure 1<BR>> > s=
eems to show the EAP peer ignoring the EAP-Request, which<BR>> > impl=
ies that it needs to wait for some period of time for another <BR>> >=
message, which<BR>> > might or might not arrive. How long should it =
wait?<BR>> ><BR>> > If the peer doesn't respond to the EAP-Requ=
est/Identity, according to <BR>> > RFC 3748<BR>> > and RFC 4137=
, the NAS will retransmit. So we'll have two EAP <BR>> > conversation=
s<BR>> > going on at once?<BR>> ><BR>> > 5. In Figure 2, =
the peer is initiating what would appear to be a <BR>> > standard<BR>=
> > RADIUS/EAP conversation via the EAP-Response/Identity. However, i=
t<BR>> > would appear that the EAP Response/Identity is being "augmen=
ted" by<BR>> > the local server. It's hard for me to tell from the fi=
gure whether the<BR>> > [DSRK Req, Domain Identity] is being inserted=
within the <BR>> > EAP-Response/Identity,<BR>> > or whether it=
represents separate RADIUS attributes. Can you clarify?<BR>> ><BR>&g=
t; > 6. If the "local 'server" isn't on the path between the NAS and the=
<BR>> > home server<BR>> > (as it might not be, because of fai=
lover), what happens? Does each <BR>> > proxy<BR>> > also need =
to host a "local server" to make sure that doesn't occur?<BR>> > If t=
he "local server" is not on the path, then it seems like two <BR>> > =
distinct messages<BR>> > would be required. Is there an expectation t=
hat the RADIUS <BR>> > Access-Accept<BR>> > will be multicast, =
or that two distinct RADIUS Access-Accept packets will<BR>> > be sent=
?<BR>> ><BR>> ><BR>> ><BR>> ><BR>> ><BR>> =
><BR>> > -- <BR>> > to unsubscribe send a message to radiuse=
xt-request@ops.ietf.org with<BR>> > the word 'unsubscribe' in a singl=
e line as the message text body.<BR>> > archive: <http://psg.com/l=
ists/radiusext/><BR>> <BR><BR></body>
</html>=
--_00a39560-8c20-42b1-a8f7-9c046c0e0e28_--
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Fri, 04 Jan 2008 16:30:16 +0000
Message-ID: <BAY117-W66E6FC71AAC12FDF52AB7934C0@phx.gbl>
Content-Type: multipart/alternative; boundary="_c0b33f73-2591-4583-8e87-623f89c426aa_"
From: Bernard Aboba <bernard_aboba@hotmail.com>
To: Dan Harkins <dharkins@lounge.org>
CC: radext mailing list <radiusext@ops.ietf.org>, <hokey@ietf.org>
Subject: RE: [HOKEY] Review of draft-gaonkar-radext-erp-attrs-02.txt
Date: Fri, 4 Jan 2008 08:29:53 -0800
MIME-Version: 1.0
--_c0b33f73-2591-4583-8e87-623f89c426aa_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
> You could only end up with the same rMSK being used for multiple NASs> if=
the sequence number the peer used during re-auth was the same. So if> that=
is deemed a problem then mandate that the sequence number be a> monotonica=
lly increasing counter which is initialized to 1 when the peer> finishes in=
itial and full EAP authentication and not when a new rRK is> derived. No ne=
ed for any domain differentiation at any level, just a> simple edit of half=
a sentence in the ERX document.> > If this is the only problem that is sol=
ved by having this key hierarchy> then let's do the simple edit I propose a=
nd get rid of the key hierarchy!> Agreed?
=20
My understanding is that this scheme is in use today, requiring only the MS=
K,
and no changes to the AAA server or new RADIUS attributes. Only changes to
the peer, authenticator and local server are needed. As I understand it, t=
he=20
AAA server only sees Access-Requests originating from the "local server"=20
(e.g. NAS-Identifier =3D local server), so it just responds with the MSK.=20
However, the peer and authenticator do need to be modified to=20
negotiate the scheme prior to first use, since the rMSK is now a function=20
of the MSK and the counter, so as to ensure that no authenticators=20
share the same keying material. =20
=20
=20
=
--_c0b33f73-2591-4583-8e87-623f89c426aa_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<style>
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
FONT-SIZE: 10pt;
FONT-FAMILY:Tahoma
}
</style>
</head>
<body class=3D'hmmessage'>
> You could only end up with the same rMSK being used for multiple NASs<=
BR>> if the sequence number the peer used during re-auth was the same. S=
o if<BR>> that is deemed a problem then mandate that the sequence number=
be a<BR>> monotonically increasing counter which is initialized to 1 wh=
en the peer<BR>> finishes initial and full EAP authentication and not wh=
en a new rRK is<BR>> derived. No need for any domain differentiation at =
any level, just a<BR>> simple edit of half a sentence in the ERX documen=
t.<BR>> <BR>> If this is the only problem that is solved by having th=
is key hierarchy<BR>> then let's do the simple edit I propose and get ri=
d of the key hierarchy!<BR>> Agreed?<BR>
<BR>
My understanding is that this scheme is in use today, requiring only the MS=
K,<BR>
and no changes to the AAA server or new RADIUS attributes. Only chang=
es to<BR>
the peer, authenticator and local server are needed. As I understand =
it, the <BR>
AAA server only sees Access-Requests originating from the "local server" <B=
R>
(e.g. NAS-Identifier =3D local server), so it just responds with the M=
SK. <BR>
However, the peer and authenticator do need to be modified to <BR=
>
negotiate the scheme prior to first use, since the rMSK is now a =
function <BR>
of the MSK and the counter, so as to ensure that no authenticators <BR>
share the same keying material. <BR>
<BR>
<BR>
<BR></body>
</html>=
--_c0b33f73-2591-4583-8e87-623f89c426aa_--
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Fri, 04 Jan 2008 16:12:11 +0000
From: "Glen Zorn" <glenzorn@comcast.net>
To: "'Alan DeKok'" <aland@nitros9.org>
Cc: <Bernard_Aboba@hotmail.com>, <radiusext@ops.ietf.org>
Subject: RE: E2E and crypto-agility
Date: Fri, 4 Jan 2008 08:10:52 -0800
Message-ID: <005801c84eec$61eed6b0$25cc8410$@net>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Thread-Index: AchOqDT0w9muuIosTgKzNKbZ3TIilgAQ3CxQ
Content-Language: en-us
Glen Zorn wrote:
> The only purpose of which I'm aware for e2e encryption in RADIUS is the
> hiding of the encrypted things from proxies.
I trust the people I work with enough to leave my car keys out in
public. But I don't hand them the keys and say "go ahead, take it."
For me, e2e encryption in RADIUS is about *increasing* the security,
not *perfecting* it. The proxies have no business knowing the keys, so
e2e encryption helps increase security.
If the proxies collude with the local network, then they can gain
information that negates e2e encryption... because they effectively
become one of the "ends" in "end-to-end".
[gwz]
No collusion is required, just a hack combined with sniffing the wireless:
barely more effort than w/o this stuff...
[/gwz]
I see no problem here. e2e encryption is useful, and there are
multiple methods where this can be done to *improve* security without
making it perfect.
[gwz]
If that is your goal, I'd suggest trying to find a method that doesn't
involve modifying every L2 in the world...
[/gwz]
Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Fri, 04 Jan 2008 15:56:55 +0000
Message-ID: <4725.69.12.173.8.1199462106.squirrel@www.trepanning.net>
Date: Fri, 4 Jan 2008 07:55:06 -0800 (PST)
Subject: RE: [HOKEY] Review of draft-gaonkar-radext-erp-attrs-02.txt
From: "Dan Harkins" <dharkins@lounge.org>
To: "Narayanan, Vidya" <vidyan@qualcomm.com>
Cc: "Dan Harkins" <dharkins@lounge.org>, "Alan DeKok" <aland@deployingradius.com>, "radext mailing list" <radiusext@ops.ietf.org>, hokey@ietf.org
User-Agent: SquirrelMail/1.4.8
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Hi Vidya,
Thank you very much for responding.
On Thu, January 3, 2008 10:20 pm, Narayanan, Vidya wrote:
> Hi Dan,
> There are two points here. End-to-end protection of key material is
> certainly feasible and is not prohibited by the model - it is quite
> feasible in the enterprise space, for instance. Even when hop-by-hop
> protected, the proxies don't have authorization to use the DSRK. It is
> only meant for use by the local ER server.
I understand that it is "not prohibited" but it is not mandatory and
therefore when looking at the security of the scheme we have to operate
under the assumption that the key is being exposed to parties that are
the intended recipient.
This non-authorization isn't enforced anyway is it? It is merely by
fiat in the document that the proxies are not authorized to use the key.
We're just assuming that they won't misbehave.
> For key separation, it is important to have different DSRKs per domain.
> For instance, there must be separation between the rMSKs given to the
> different NASs - if the same DSRK was given to multiple local ER
> servers, you would end up with the same rMSK for multiple NASs. We
> could come up with other key separation techniques that keep the rMSK
> unique, but that would mean introducing the domain or an equivalent
> differentiation at that level instead of at the DSRK.
You could only end up with the same rMSK being used for multiple NASs
if the sequence number the peer used during re-auth was the same. So if
that is deemed a problem then mandate that the sequence number be a
monotonically increasing counter which is initialized to 1 when the peer
finishes initial and full EAP authentication and not when a new rRK is
derived. No need for any domain differentiation at any level, just a
simple edit of half a sentence in the ERX document.
If this is the only problem that is solved by having this key hierarchy
then let's do the simple edit I propose and get rid of the key hierarchy!
Agreed?
> Also, another point is that Domain A and Domain B may actually be
> different administrative domains, in which case, it is not necessarily
> true that they have a business relationship with each other or that they
> have the same level of relationship with the home domain. So, there is
> no assumption that any one visited domain is a proxy in the path between
> another visited domain and the home domain. Hence, ensuring proper key
> separation at the DSRK level is important.
Yes, Domain A and Domain B may actually be different administrative
domains! And the proxies between them and the home server might be too!
And they all might have different business relationships with each other!
That's my point!
We're just placing blind trust in proxies to "do the right thing".
That being the case the level of blind trust placed in ER servers in
Domain A or Domain B CANNOT be any less than the level of blind trust
placed in proxies between them and the home AAA server.
Again, what _specific problem_ is being solved by having different keys
in Domain A and Domain B? Do you want to stop NASs in Domain A from
impersonating NASs in Domain B but for some reason you're not concerned
about proxies impersonating Domain A or Domain B in their entirety?
It seems to me that any problem that requires different keys for ER
Servers in Domain A and Domain B will also require different keys for all
proxies. But we can't do that so we can't really use key separation to
solve the problem, whatever it is.
Key separation would be important if there was a 3 party protocol between
the home AAA server the ER server and the peer that disclosed a unique
key to the ER server and only the ER server. But there isn't.
The argument against a 3 party protocol is that the peer doesn't care
to whom the key is disclosed as long as he continues to get service
provided (and there's no surprises in the bill at the end of the month
but that's what legal documents are for). If the network has to disclose
keys to unintended recipients in order to continue to be able to provide
service then have at it, disclose keys!
What we've ended up with is a network being trusted implicitly to not
misbehave with keys it obtains and a peer that doesn't care as long as
he gets a dial tone. So please tell me what problem is being solved by
having this key hierarchy.
Thank you again for responding to my post and I would be very grateful
if you could answer my questions above and/or point out the errors in
my logic.
regards,
Dan.
> Regards,
> Vidya
>
>> -----Original Message-----
>> From: Dan Harkins [mailto:dharkins@lounge.org]
>> Sent: Thursday, January 03, 2008 4:33 PM
>> To: Narayanan, Vidya
>> Cc: Alan DeKok; radext mailing list; hokey@ietf.org
>> Subject: RE: [HOKEY] Review of draft-gaonkar-radext-erp-attrs-02.txt
>>
>>
>> Hi Vidya,
>>
>> There may be proxies in between AAA-Home and Local ER
>> server A and between AAA-Home and Local ER Server B. There is
>> strong consensus in the group that there is no problem with
>> this that all the proxies will behave themselves and not
>> abuse the fact that they know DRSK1 and/or DRSK2. That being
>> the case why cannot the same logic that justifies these
>> proxies having such keying material be used to just give the
>> same key to Local ER Server A and Local ER Server B? Why do
>> we need to have different DRSKs? What problem are you trying
>> to solve and isn't that problem still going to be there since
>> proxies are now involved?
>>
>> Dan.
>>
>> On Thu, January 3, 2008 3:02 pm, Narayanan, Vidya wrote:
>> > Hi Alan,
>> > Some of this is revisiting the HOKEY charter discussions and can be
>> > found in the archives, but let me try a bit further to clarify here.
>> >
>> > Consider the following figure:
>> >
>> > -----------
>> > | AAA-Home |
>> > -----------
>> > |
>> >
>> ------------------------------------------------------
>> > |
>> |
>> > -------------------
>> > -------------------
>> > | Local ER server A |
>> | Local ER
>> > server B |
>> > | (Domain A) |
>> | (Domain
>> > B) |
>> > -------------------
>> > -------------------
>> > |
>> |
>> > --------------
>> > --------------
>> > | | |
>> > |
>> > -------- --------
>> --------
>> > --------
>> > | NAS A1 | | NAS A2 |
>> | NAS B1 |
>> > | NAS B2 |
>> > -------- --------
>> --------
>> > --------
>> >
>> > ------
>> > | Peer | ---------->
>> > ------
>> >
>> >
>> > In the figure above, the peer is attached to a NAS (say,
>> A1) in Domain
>> > A, while its home domain corresponds to AAA-Home" which is
>> potentially
>> > much further away than Domain A is. The first time around,
>> the peer
>> > authenticates with its home AAA server, which results in an
>> MSK at NAS
>> > A1 and an EMSK at AAA-Home. This is in accordance with regular EAP
>> > operation. When the peer, the local domain and the AAA-Home also
>> > support ERP, a DSRK (DSRK1) may be requested by the local
>> ER server A
>> > at the time of the EAP exchange. DSRK1 is derived from the
>> EMSK and
>> > given to the Local ER Server A. Now, when the peer moves
>> from NAS A1
>> > to NAS A2, it only needs to perform an ERP exchange with
>> the Local ER Server A.
>> > No exchange is required with AAA-Home. This finishes much quicker
>> > than an exchange that would have to go all the way to AAA-Home.
>> >
>> > It is when the peer moves from Domain A to Domain B that
>> the peer has
>> > to talk to AAA-Home again. At this point, a DSRK2 may be given to
>> > Local ER Server B, which then gets used for
>> re-authentication within
>> > that domain (say, when the peer moves from NAS B1 to NAS B2).
>> >
>> > As shown, all re-authentications within a local domain are
>> restricted
>> > to that domain with no exchanges needed with the home
>> domain (unless
>> > the DSRK expired). Exchanges involve the home domain when the peer
>> > crosses domain boundaries.
>> >
>> > Hope this helps.
>> >
>> > Thanks,
>> > Vidya
>> >
>> >> -----Original Message-----
>> >> From: Alan DeKok [mailto:aland@deployingradius.com]
>> >> Sent: Thursday, January 03, 2008 2:01 PM
>> >> To: Narayanan, Vidya
>> >> Cc: hokey@ietf.org; 'radext mailing list'
>> >> Subject: Re: [HOKEY] Review of
>> draft-gaonkar-radext-erp-attrs-02.txt
>> >>
>> >> Narayanan, Vidya wrote:
>> >> > Thanks for the review. Let me attempt to clarify a few
>> things that
>> >> > may answer majority of your questions below. The DSRK
>> is a domain
>> >> > specific root key that is derived from the EMSK for the
>> purpose of
>> >> > having a local EAP Re-authentication server (ER server) in
>> >> the visited domain.
>> >>
>> >> I'm not sure I understand why. If there isn't an EAP
>> >> re-authentication server, then the EAP authentications will go
>> >> through the local AAA server. So there is significant benefit in
>> >> *always* going through the local AAA server. i.e.
>> >> having the AAA servers cache the keys required for
>> re-authentication.
>> >>
>> >> > "Visited domain" doesn't necessarily imply administrative
>> >> in this case
>> >> > - a large domain can be broken up into multiple smaller
>> domains for
>> >> > sake of efficient re-authentication.
>> >>
>> >> I'm not sure I understand how this helps efficiency. If there's
>> >> one large domain for the initial authentication, then only
>> one domain
>> >> is needed. If the home server can handle the
>> re-authentication, then
>> >> there's doubly no need for multiple domains.
>> >>
>> >> > This is done so that the latency involved in
>> >> reauthentication at the
>> >> > time of a handoff for a peer is minimal (the peer doesn't
>> >> have to go
>> >> > back to the home AAA server to get reauthenticated).
>> When the peer
>> >> > hands off across domains (i.e., leaves the boundary of an
>> >> ER server),
>> >> > it needs to communicate with the home AAA server to obtain
>> >> a new DSRK
>> >> > for the new ER server. This may be done using a full EAP
>> >> exchange or
>> >> > with an ER exchange with the home AAA server.
>> >>
>> >> If the re-authentication has to go back to the home AAA
>> server for
>> >> a to obtain a new DSRK, why are there multiple domains? The home
>> >> server is manifestly capable of handling all re-authentication
>> >> requests.
>> >>
>> >> > The problem statement and use cases are described further in
>> >> >
>> >>
>> http://www.ietf.org/internet-drafts/draft-ietf-hokey-reauth-ps-07.txt.
>> >> > The ERX protocol draft itself describes the protocol in detail -
>> >> >
>> >>
>> http://www.ietf.org/internet-drafts/draft-ietf-hokey-reauth-ps-07.txt
>> >> > - figure 2, for instance, shows the recipient of the DSRK
>> >> and how it
>> >> > is further used for reauthentication during
>> authenticator changes
>> >> > within that domain.
>> >>
>> >> I think I need to address many of my comments to that draft.
>> >>
>> >> > Hope this clarifies many of the things you ask below. A
>> >> few further
>> >> > comments inline on the other questions.
>> >>
>> >> It clarifies it a little. I've gone over the problem statement
>> >> draft, and have some questions about it.
>> >>
>> >> > Actually, this document has gone through a couple of
>> >> contortions due
>> >> > to lack of clarity from the RADIUS side on how to proceed here.
>> >>
>> >> The radext WG is always available to answer questions.
>> >> I've been lurking on hokey for a while, but until recently
>> have been
>> >> too busy to pay much attention to the drafts.
>> >>
>> >> > There will only be one key response, but the key name is
>> >> still needed
>> >> > so that the peer, upon reauthentication later, can refer
>> to the key.
>> >>
>> >> Ok... I have questions, but I'll address them to another
>> draft, I
>> >> think.
>> >>
>> >> > As I mentioned before, there is no goal to change the
>> >> RADIUS security
>> >> > measures. This draft will also be updated to work with
>> keywrap and
>> >> > DTLS
>> >>
>> >> I don't believe either method is strictly necessary for
>> >> transporting these keys. There are alternatives that
>> should be able
>> >> to work.
>> >>
>> >> Alan DeKok.
>> >>
>> >
>> > _______________________________________________
>> > HOKEY mailing list
>> > HOKEY@ietf.org
>> > https://www1.ietf.org/mailman/listinfo/hokey
>> >
>>
>>
>>
>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Fri, 04 Jan 2008 10:57:58 +0000
Message-ID: <477E10E3.50802@gmx.net>
Date: Fri, 04 Jan 2008 11:56:35 +0100
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: Bernard_Aboba@hotmail.com
CC: radiusext@ops.ietf.org, hokey@ietf.org
Subject: AAA Routing with EAP-ER
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Working on
http://tools.ietf.org/wg/dime/draft-dondeti-dime-erp-diameter-01.txt
the question of defining AVPs vs. defining a new Diameter application
showed up.
I wrote a section about this into that draft and I wonder whether my
assumptions are reasonable:
3. Assumptions
This document defines additional optional AVPs for usage with the
Diameter EAP application. Routing of these messages is therefore
provided via the Diameter Application Identifier (among other
elements), as specified by the Diameter Base protocol [4]. Based on
the deployment of ERP, a local Diameter server (the same entity
serves as a Diameter proxy during the full EAP authentication) may
play the role of the ER server for future re-authentication attempts.
As such, the local Diameter server requesting the DSRK needs to be in
the path of the current EAP exchange between the peer and the EAP
server and also along the path in the future. The Diameter client is
furthermore assumed to be able to route the re-authentication
messages to the ER server.
Depending on some of the answers to the questions raised in this
discussion it might be necessary to define a new Diameter application
rather than just defining new AVPs.
Ciao
Hannes
Bernard_Aboba@hotmail.com wrote:
>> When the peer, the local domain and the AAA-Home also
>> support ERP, a DSRK (DSRK1) may be requested by the local ER server A at
>> the time of the EAP exchange.
>
> Some questions:
>
> 1. Is the "Local ER server" always a RADIUS client? The ERX
> document seems to
> indicate that this might not always be the case.
>
> 2. How is the request for the DSRK made by the "local ER server"?
> Is the
> request authenticated with user credentials? How does the RADIUS server
> determine if the Request is valid?
>
> 3. How does the RADIUS server know how to reach the "Local ER server"?
> The ERX document talks about a "Domain Identity". How does the RADIUS
> server
> use the "Domain Identity" to determine what RADIUS client to send a
> packet to?
> Is there an assumption that the "Local ER server" is one hop away from
> the
> home RADIUS server? What attributes need to be placed within an
> Access-Accept
> to ensure that the packet is routed to the "local server"?
>
> 4. In Figure 1, the ERX document shows the following flow:
>
> [<-- EAP-Request/ ------
> Identity]
> [<-- EAP Initiate/ ------
> Reauth-Start]
>
> Is this a typo? The figure shows that the EAP-Request/Identity isn't
> being responded
> to by the peer. If the peer implements RFC 3748, won't it send an
> EAP-Response,
> which will be passed to the RADIUS server, which will then initiate
> EAP? Figure 1
> seems to show the EAP peer ignoring the EAP-Request, which
> implies that it needs to wait for some period of time for another
> message, which
> might or might not arrive. How long should it wait?
>
> If the peer doesn't respond to the EAP-Request/Identity, according to
> RFC 3748
> and RFC 4137, the NAS will retransmit. So we'll have two EAP
> conversations
> going on at once?
>
> 5. In Figure 2, the peer is initiating what would appear to be a
> standard
> RADIUS/EAP conversation via the EAP-Response/Identity. However, it
> would appear that the EAP Response/Identity is being "augmented" by
> the local server. It's hard for me to tell from the figure whether the
> [DSRK Req, Domain Identity] is being inserted within the
> EAP-Response/Identity,
> or whether it represents separate RADIUS attributes. Can you clarify?
>
> 6. If the "local 'server" isn't on the path between the NAS and the
> home server
> (as it might not be, because of failover), what happens? Does each
> proxy
> also need to host a "local server" to make sure that doesn't occur?
> If the "local server" is not on the path, then it seems like two
> distinct messages
> would be required. Is there an expectation that the RADIUS
> Access-Accept
> will be multicast, or that two distinct RADIUS Access-Accept packets will
> be sent?
>
>
>
>
>
>
> --
> to unsubscribe send a message to radiusext-request@ops.ietf.org with
> the word 'unsubscribe' in a single line as the message text body.
> archive: <http://psg.com/lists/radiusext/>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Fri, 04 Jan 2008 09:37:35 +0000
Message-ID: <477DFDD2.2020600@nitros9.org>
Date: Fri, 04 Jan 2008 10:35:14 +0100
From: Alan DeKok <aland@nitros9.org>
User-Agent: Thunderbird 2.0.0.6 (X11/20071022)
MIME-Version: 1.0
To: Bernard_Aboba@hotmail.com
CC: Glen Zorn <glenzorn@comcast.net>, radiusext@ops.ietf.org
Subject: Re: E2E and crypto-agility
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Bernard_Aboba@hotmail.com wrote:
> The question that is before the WG is "is support for e2e encryption a
> requirement for RADIUS crypto-agility?"
If the IESG mandates it, yes. Otherwise, I don't see a need for it.
> I think that this question is related to the automated key management
> question, because if we say that it is a requirement, then we have an
> n x n problem that would seem to fall into the RFC 4107 requirements
> for automated key management.
Yes.
Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Fri, 04 Jan 2008 08:56:14 +0000
Message-ID: <BAY117-DS1142B56CEEB489EE3599D934C0@phx.gbl>
From: <Bernard_Aboba@hotmail.com>
To: <radiusext@ops.ietf.org>
Subject: Re: E2E and crypto-agility
Date: Fri, 4 Jan 2008 00:55:35 -0800
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original
Content-Transfer-Encoding: 7bit
> Is there a *real-world* problem we're trying
> to solve here, or a theoretical exercise that is made moot by real-world
> business realities?
I think there may be a problem here, but I'm not clear how that problem
is related to "RADIUS crypto-agility" or why it is in the interest of the
RADEXT WG to try to solve it at the present moment.
For example, using crypto-agility, ciphersuites can be negotiated to
provide improved integrity protection as well as confidentiality for
a portion or all of the RADIUS packet.
This would seem to be an orthogonal question to the topology of
RADIUS clients, proxies and servers.
Or am I missing something?
Yes, automated key management, if implemented, might make it
possible for untrusted proxies to be bypassed (e.g. the local
proxy might be able to bypass a less trust worthy proxy and
talk to an entity closer to the home server, assuming that the
two entities share trust anchors).
And yes, it is possible that somewhere, somehow, someone
might want to implement Kerb/RADIUS or CMS (which were
discussed in AAA WG years ago but which languished for lack of interest).
However, to me this doesn't seem like a requirement
in the development of the two proposals that we've been
discussing.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Fri, 04 Jan 2008 08:19:27 +0000
Message-ID: <BAY117-DS3708A3269C29B41536BD3934C0@phx.gbl>
From: <Bernard_Aboba@hotmail.com>
To: "Alan DeKok" <aland@nitros9.org>, "Glen Zorn" <glenzorn@comcast.net>
Cc: <radiusext@ops.ietf.org>
Subject: Re: E2E and crypto-agility
Date: Fri, 4 Jan 2008 00:19:11 -0800
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original
Content-Transfer-Encoding: 7bit
> I see no problem here. e2e encryption is useful, and there are
> multiple methods where this can be done to *improve* security without
> making it perfect.
The question that is before the WG is "is support for e2e encryption a
requirement for RADIUS crypto-agility?"
I think that this question is related to the automated key management
question, because if we say that it is a requirement, then we have an
n x n problem that would seem to fall into the RFC 4107 requirements
for automated key management.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Fri, 04 Jan 2008 08:10:49 +0000
Message-ID: <BAY117-DS16F5FB007DE1DFF732696934C0@phx.gbl>
From: <Bernard_Aboba@hotmail.com>
To: <radiusext@ops.ietf.org>
Cc: <hokey@ietf.org>
Subject: Re: [HOKEY] Review of draft-gaonkar-radext-erp-attrs-02.txt
Date: Fri, 4 Jan 2008 00:10:35 -0800
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original
Content-Transfer-Encoding: 7bit
>When the peer, the local domain and the AAA-Home also
> support ERP, a DSRK (DSRK1) may be requested by the local ER server A at
> the time of the EAP exchange.
Some questions:
1. Is the "Local ER server" always a RADIUS client? The ERX document
seems to
indicate that this might not always be the case.
2. How is the request for the DSRK made by the "local ER server"? Is the
request authenticated with user credentials? How does the RADIUS server
determine if the Request is valid?
3. How does the RADIUS server know how to reach the "Local ER server"?
The ERX document talks about a "Domain Identity". How does the RADIUS
server
use the "Domain Identity" to determine what RADIUS client to send a packet
to?
Is there an assumption that the "Local ER server" is one hop away from the
home RADIUS server? What attributes need to be placed within an
Access-Accept
to ensure that the packet is routed to the "local server"?
4. In Figure 1, the ERX document shows the following flow:
[<-- EAP-Request/ ------
Identity]
[<-- EAP Initiate/ ------
Reauth-Start]
Is this a typo? The figure shows that the EAP-Request/Identity isn't being
responded
to by the peer. If the peer implements RFC 3748, won't it send an
EAP-Response,
which will be passed to the RADIUS server, which will then initiate EAP?
Figure 1
seems to show the EAP peer ignoring the EAP-Request, which
implies that it needs to wait for some period of time for another message,
which
might or might not arrive. How long should it wait?
If the peer doesn't respond to the EAP-Request/Identity, according to RFC
3748
and RFC 4137, the NAS will retransmit. So we'll have two EAP conversations
going on at once?
5. In Figure 2, the peer is initiating what would appear to be a standard
RADIUS/EAP conversation via the EAP-Response/Identity. However, it
would appear that the EAP Response/Identity is being "augmented" by
the local server. It's hard for me to tell from the figure whether the
[DSRK Req, Domain Identity] is being inserted within the
EAP-Response/Identity,
or whether it represents separate RADIUS attributes. Can you clarify?
6. If the "local 'server" isn't on the path between the NAS and the home
server
(as it might not be, because of failover), what happens? Does each proxy
also need to host a "local server" to make sure that doesn't occur?
If the "local server" is not on the path, then it seems like two distinct
messages
would be required. Is there an expectation that the RADIUS Access-Accept
will be multicast, or that two distinct RADIUS Access-Accept packets will
be sent?
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Fri, 04 Jan 2008 08:03:22 +0000
Message-ID: <477DE7C1.3080209@nitros9.org>
Date: Fri, 04 Jan 2008 09:01:05 +0100
From: Alan DeKok <aland@nitros9.org>
User-Agent: Thunderbird 2.0.0.6 (X11/20071022)
MIME-Version: 1.0
To: Glen Zorn <glenzorn@comcast.net>
CC: Bernard_Aboba@hotmail.com, radiusext@ops.ietf.org
Subject: Re: E2E and crypto-agility
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Glen Zorn wrote:
> The only purpose of which I'm aware for e2e encryption in RADIUS is the
> hiding of the encrypted things from proxies.
I trust the people I work with enough to leave my car keys out in
public. But I don't hand them the keys and say "go ahead, take it."
For me, e2e encryption in RADIUS is about *increasing* the security,
not *perfecting* it. The proxies have no business knowing the keys, so
e2e encryption helps increase security.
If the proxies collude with the local network, then they can gain
information that negates e2e encryption... because they effectively
become one of the "ends" in "end-to-end".
I see no problem here. e2e encryption is useful, and there are
multiple methods where this can be done to *improve* security without
making it perfect.
Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Fri, 04 Jan 2008 07:30:16 +0000
From: Stefan Winter <stefan.winter@restena.lu>
Organization: Fondation RESTENA
To: radiusext@ops.ietf.org
Subject: Re: Comments on "practical deployments"
Date: Fri, 4 Jan 2008 08:29:01 +0100
User-Agent: KMail/1.9.6 (enterprise 20070904.708012)
Cc: "David B. Nelson" <dnelson@elbrysnetworks.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart2960769.TSQmb884QQ"; protocol="application/pgp-signature"; micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200801040829.01628.stefan.winter@restena.lu>
--nextPart2960769.TSQmb884QQ
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Am Donnerstag, 27. Dezember 2007 19:35:02 schrieb Alan DeKok:
> David B. Nelson wrote:
> >> If the only way to obtain network access is via EAP, then you have a
> >> bootstrapping problem. Once the users have signed up, everything is
> >> great. The users who *haven't* signed up are shut out. Permanently.
> >
> > So, this is really an enrollment issue, not an authentication issue?
>
> No. Think of roaming, which I've been spending a lot of time on lately.
>
> If authentication is required for any IP-based network access, then
> how do roaming users know that they can authenticate using the local
> network? Pre-provisioning devices with roaming knowledge doesn't scale,
> and it doesn't handle dynamic networks. 802.11af doesn't scale either,
> and isn't designed to scale.
>
> When the user doesn't have any network access, they can't determine
> whether or not authentication is possible. They can't determine which
> authentication credentials to use. So requiring authentication means
> *forbidding* network access to a large class of users who could
> *potentially* obtain network access.
>
> Alan DeKok.
>
> --
> to unsubscribe send a message to radiusext-request@ops.ietf.org with
> the word 'unsubscribe' in a single line as the message text body.
> archive: <http://psg.com/lists/radiusext/>
=2D-=20
Stefan WINTER
Stiftung RESTENA - R=E9seau T=E9l=E9informatique de l'Education Nationale e=
t de=20
la Recherche
Ingenieur Forschung & Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: stefan.winter@restena.lu =A0 =A0 Tel.: =A0 =A0+352 424409-1
http://www.restena.lu =A0 =A0 =A0 =A0 =A0 =A0 =A0 Fax: =A0 =A0 =A0+352 422=
473
--nextPart2960769.TSQmb884QQ
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
iD8DBQBHfeA9+jm90f8eFWYRAtsiAKCCJMZ86n4c9ydfB5KbsOp2C3wmdgCePiGJ
TpoeP1ijAdszdC4xngz6ns8=
=xWyp
-----END PGP SIGNATURE-----
--nextPart2960769.TSQmb884QQ--
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Fri, 04 Jan 2008 07:23:26 +0000
From: Stefan Winter <stefan.winter@restena.lu>
Organization: Fondation RESTENA
To: Alan DeKok <aland@nitros9.org>, Bernard Aboba <bernard_aboba@hotmail.com>, radiusext@ops.ietf.org
Subject: Re: Comments on "practical deployments"
Date: Fri, 4 Jan 2008 08:22:17 +0100
User-Agent: KMail/1.9.6 (enterprise 20070904.708012)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart3738705.siFGThUpKB"; protocol="application/pgp-signature"; micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200801040822.17943.stefan.winter@restena.lu>
--nextPart3738705.siFGThUpKB
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
> > It will be interesting to see how well it works. I have previously been
> > involved in a number of
> > inter-domain roaming trials. When the RADIUS traffic was routed through
> > an exchange point,
> > the results were not very promising. With packet loss rates of 1-5%,
>
> I'll track the tests, and see if we can do some measurements under load.
>
> For existing (non-EAP) proxies, I don't recall seeing loss rates that
> high. I'll go check, but I think latencies and loss have decreased,
> while bandwidth has increased in the net. Plus, most RADIUS
> interconnects are now done over Ipsec, which helps with the underlying
> reliability.
This is why we dug out RadSec. The network backbone we are using typically=
=20
performs a lot better than 1-5% losses, but still the number of packets=20
involved in an EAP auth almost cries for a reliable transport.
IPSec was deployed (maybe still is, I can try to find out), but according t=
o=20
the admin there it was a real pain in the ... various parts of the body.
Greetings,
Stefan Winter
=2D-=20
Stiftung RESTENA - R=E9seau T=E9l=E9informatique de l'Education Nationale e=
t de=20
la Recherche
Ingenieur Forschung & Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: stefan.winter@restena.lu =A0 =A0 Tel.: =A0 =A0+352 424409-1
http://www.restena.lu =A0 =A0 =A0 =A0 =A0 =A0 =A0 Fax: =A0 =A0 =A0+352 422=
473
--nextPart3738705.siFGThUpKB
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
iD8DBQBHfd6p+jm90f8eFWYRArXmAJoCnFUkzbpkH1ndCjpJX9YUiMGiNwCfRmRx
LD+9ozn9aM6XQQzQZY06PBs=
=pqV0
-----END PGP SIGNATURE-----
--nextPart3738705.siFGThUpKB--
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Fri, 04 Jan 2008 07:17:24 +0000
From: Stefan Winter <stefan.winter@restena.lu>
Organization: Fondation RESTENA
To: Bernard_Aboba@hotmail.com, "Alan DeKok" <aland@nitros9.org>, radiusext@ops.ietf.org
Subject: Re: Comments on "practical deployments"
Date: Fri, 4 Jan 2008 08:15:53 +0100
User-Agent: KMail/1.9.6 (enterprise 20070904.708012)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart4456099.OuFvFAhaBB"; protocol="application/pgp-signature"; micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200801040815.58002.stefan.winter@restena.lu>
--nextPart4456099.OuFvFAhaBB
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Hi,
> In terms of major EAP deployments that support inter-domain roaming
> with substantial usage, one deployment (EDUROAM) is several orders of
> magnitude larger than any other that I am aware of.
I can confirm taht eduroam is EAP with mutual authentication only, and span=
s=20
some 35 countries right now; approx. 500 universities and other scientific=
=20
institutions. I'm not aware of any larger deployment in the world.
BTW, we do see some shortcomings of EAPoL and 802.1X, most notably the lack=
of=20
properly informing the user what went wrong if something went wrong. But=20
that's another story and OT here I guess.
> As far as I know, EDUROAM does not use Diameter nor are there any
> major deployments of Diameter EAP.
We seriously considered it, but since Diameter+NASREQ+EAP + decent backend=
=20
connections didn't manifest implementation-wise, it was never taken further=
=2E=20
RadSec solved most of the problems we had.
Greetings,
Stefan Winter
=2D-=20
Stefan WINTER
Stiftung RESTENA - R=E9seau T=E9l=E9informatique de l'Education Nationale e=
t de=20
la Recherche
Ingenieur Forschung & Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: stefan.winter@restena.lu =A0 =A0 Tel.: =A0 =A0+352 424409-1
http://www.restena.lu =A0 =A0 =A0 =A0 =A0 =A0 =A0 Fax: =A0 =A0 =A0+352 422=
473
--nextPart4456099.OuFvFAhaBB
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
iD8DBQBHfd0t+jm90f8eFWYRAopPAKCDPdCZRypXb409k8jRktJEVfyYLQCeL9pn
6VcvssXhSHnPqRsF+J3EMGw=
=Y+ec
-----END PGP SIGNATURE-----
--nextPart4456099.OuFvFAhaBB--
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Fri, 04 Jan 2008 06:22:07 +0000
DomainKey-Signature: s=qcdkim; d=qualcomm.com; c=nofws; q=dns; h=X-IronPort-AV:Received:Received:Received:Received: X-MimeOLE:Content-class:MIME-Version:Content-Type: Content-Transfer-Encoding:Subject:Date:Message-ID: In-Reply-To:X-MS-Has-Attach:X-MS-TNEF-Correlator: Thread-Topic:Thread-Index:References:From:To:Cc: X-OriginalArrivalTime; b=K9qHA4OMKNawrIxYB8IroPk/T6r5Ohwqrz6Zn7HwXcSnul3MAtcaNJFt NedfY3UHJ4urizcIKVU+Q1zDamDbvL1u9hfk08mMcuJsvN9j5Aqb7GLzr HmmNvAV4aJfuDGHc3PI1WDWcXrMN6yJ0+g+3oyypyT2s0OXBFf0NcBWo2 w=;
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [HOKEY] Review of draft-gaonkar-radext-erp-attrs-02.txt
Date: Thu, 3 Jan 2008 22:20:38 -0800
Message-ID: <C24CB51D5AA800449982D9BCB9032513C2277D@NAEX13.na.qualcomm.com>
Thread-Topic: [HOKEY] Review of draft-gaonkar-radext-erp-attrs-02.txt
Thread-Index: AchOaWvHQNI4Dr+2QNChxEkZFeCpzAAJg4FA
From: "Narayanan, Vidya" <vidyan@qualcomm.com>
To: "Dan Harkins" <dharkins@lounge.org>
Cc: "Alan DeKok" <aland@deployingradius.com>, "radext mailing list" <radiusext@ops.ietf.org>, <hokey@ietf.org>
Hi Dan,
There are two points here. End-to-end protection of key material is
certainly feasible and is not prohibited by the model - it is quite
feasible in the enterprise space, for instance. Even when hop-by-hop
protected, the proxies don't have authorization to use the DSRK. It is
only meant for use by the local ER server. =20
For key separation, it is important to have different DSRKs per domain.
For instance, there must be separation between the rMSKs given to the
different NASs - if the same DSRK was given to multiple local ER
servers, you would end up with the same rMSK for multiple NASs. We
could come up with other key separation techniques that keep the rMSK
unique, but that would mean introducing the domain or an equivalent
differentiation at that level instead of at the DSRK. =20
Also, another point is that Domain A and Domain B may actually be
different administrative domains, in which case, it is not necessarily
true that they have a business relationship with each other or that they
have the same level of relationship with the home domain. So, there is
no assumption that any one visited domain is a proxy in the path between
another visited domain and the home domain. Hence, ensuring proper key
separation at the DSRK level is important.=20
Regards,
Vidya
> -----Original Message-----
> From: Dan Harkins [mailto:dharkins@lounge.org]=20
> Sent: Thursday, January 03, 2008 4:33 PM
> To: Narayanan, Vidya
> Cc: Alan DeKok; radext mailing list; hokey@ietf.org
> Subject: RE: [HOKEY] Review of draft-gaonkar-radext-erp-attrs-02.txt
>=20
>=20
> Hi Vidya,
>=20
> There may be proxies in between AAA-Home and Local ER=20
> server A and between AAA-Home and Local ER Server B. There is=20
> strong consensus in the group that there is no problem with=20
> this that all the proxies will behave themselves and not=20
> abuse the fact that they know DRSK1 and/or DRSK2. That being=20
> the case why cannot the same logic that justifies these=20
> proxies having such keying material be used to just give the=20
> same key to Local ER Server A and Local ER Server B? Why do=20
> we need to have different DRSKs? What problem are you trying=20
> to solve and isn't that problem still going to be there since=20
> proxies are now involved?
>=20
> Dan.
>=20
> On Thu, January 3, 2008 3:02 pm, Narayanan, Vidya wrote:
> > Hi Alan,
> > Some of this is revisiting the HOKEY charter discussions and can be=20
> > found in the archives, but let me try a bit further to clarify here.
> >
> > Consider the following figure:
> >
> > -----------
> > | AAA-Home |
> > -----------
> > |
> > =20
> ------------------------------------------------------
> > | =20
> |
> > -------------------
> > -------------------
> > | Local ER server A | =20
> | Local ER
> > server B |
> > | (Domain A) | =20
> | (Domain
> > B) |
> > -------------------
> > -------------------
> > | =20
> |
> > --------------
> > --------------
> > | | |
> > |
> > -------- -------- =20
> --------
> > --------
> > | NAS A1 | | NAS A2 | =20
> | NAS B1 |
> > | NAS B2 |
> > -------- -------- =20
> --------
> > --------
> >
> > ------
> > | Peer | ---------->
> > ------
> >
> >
> > In the figure above, the peer is attached to a NAS (say,=20
> A1) in Domain=20
> > A, while its home domain corresponds to AAA-Home" which is=20
> potentially=20
> > much further away than Domain A is. The first time around,=20
> the peer=20
> > authenticates with its home AAA server, which results in an=20
> MSK at NAS
> > A1 and an EMSK at AAA-Home. This is in accordance with regular EAP=20
> > operation. When the peer, the local domain and the AAA-Home also=20
> > support ERP, a DSRK (DSRK1) may be requested by the local=20
> ER server A=20
> > at the time of the EAP exchange. DSRK1 is derived from the=20
> EMSK and=20
> > given to the Local ER Server A. Now, when the peer moves=20
> from NAS A1=20
> > to NAS A2, it only needs to perform an ERP exchange with=20
> the Local ER Server A.
> > No exchange is required with AAA-Home. This finishes much quicker=20
> > than an exchange that would have to go all the way to AAA-Home.
> >
> > It is when the peer moves from Domain A to Domain B that=20
> the peer has=20
> > to talk to AAA-Home again. At this point, a DSRK2 may be given to=20
> > Local ER Server B, which then gets used for=20
> re-authentication within=20
> > that domain (say, when the peer moves from NAS B1 to NAS B2).
> >
> > As shown, all re-authentications within a local domain are=20
> restricted=20
> > to that domain with no exchanges needed with the home=20
> domain (unless=20
> > the DSRK expired). Exchanges involve the home domain when the peer=20
> > crosses domain boundaries.
> >
> > Hope this helps.
> >
> > Thanks,
> > Vidya
> >
> >> -----Original Message-----
> >> From: Alan DeKok [mailto:aland@deployingradius.com]
> >> Sent: Thursday, January 03, 2008 2:01 PM
> >> To: Narayanan, Vidya
> >> Cc: hokey@ietf.org; 'radext mailing list'
> >> Subject: Re: [HOKEY] Review of=20
> draft-gaonkar-radext-erp-attrs-02.txt
> >>
> >> Narayanan, Vidya wrote:
> >> > Thanks for the review. Let me attempt to clarify a few=20
> things that=20
> >> > may answer majority of your questions below. The DSRK=20
> is a domain=20
> >> > specific root key that is derived from the EMSK for the=20
> purpose of=20
> >> > having a local EAP Re-authentication server (ER server) in
> >> the visited domain.
> >>
> >> I'm not sure I understand why. If there isn't an EAP=20
> >> re-authentication server, then the EAP authentications will go=20
> >> through the local AAA server. So there is significant benefit in=20
> >> *always* going through the local AAA server. i.e.
> >> having the AAA servers cache the keys required for=20
> re-authentication.
> >>
> >> > "Visited domain" doesn't necessarily imply administrative
> >> in this case
> >> > - a large domain can be broken up into multiple smaller=20
> domains for=20
> >> > sake of efficient re-authentication.
> >>
> >> I'm not sure I understand how this helps efficiency. If there's=20
> >> one large domain for the initial authentication, then only=20
> one domain=20
> >> is needed. If the home server can handle the=20
> re-authentication, then=20
> >> there's doubly no need for multiple domains.
> >>
> >> > This is done so that the latency involved in
> >> reauthentication at the
> >> > time of a handoff for a peer is minimal (the peer doesn't
> >> have to go
> >> > back to the home AAA server to get reauthenticated). =20
> When the peer=20
> >> > hands off across domains (i.e., leaves the boundary of an
> >> ER server),
> >> > it needs to communicate with the home AAA server to obtain
> >> a new DSRK
> >> > for the new ER server. This may be done using a full EAP
> >> exchange or
> >> > with an ER exchange with the home AAA server.
> >>
> >> If the re-authentication has to go back to the home AAA=20
> server for=20
> >> a to obtain a new DSRK, why are there multiple domains? The home=20
> >> server is manifestly capable of handling all re-authentication=20
> >> requests.
> >>
> >> > The problem statement and use cases are described further in
> >> >
> >>=20
> http://www.ietf.org/internet-drafts/draft-ietf-hokey-reauth-ps-07.txt.
> >> > The ERX protocol draft itself describes the protocol in detail -
> >> >
> >>=20
> http://www.ietf.org/internet-drafts/draft-ietf-hokey-reauth-ps-07.txt
> >> > - figure 2, for instance, shows the recipient of the DSRK
> >> and how it
> >> > is further used for reauthentication during=20
> authenticator changes=20
> >> > within that domain.
> >>
> >> I think I need to address many of my comments to that draft.
> >>
> >> > Hope this clarifies many of the things you ask below. A
> >> few further
> >> > comments inline on the other questions.
> >>
> >> It clarifies it a little. I've gone over the problem statement=20
> >> draft, and have some questions about it.
> >>
> >> > Actually, this document has gone through a couple of
> >> contortions due
> >> > to lack of clarity from the RADIUS side on how to proceed here.
> >>
> >> The radext WG is always available to answer questions.
> >> I've been lurking on hokey for a while, but until recently=20
> have been=20
> >> too busy to pay much attention to the drafts.
> >>
> >> > There will only be one key response, but the key name is
> >> still needed
> >> > so that the peer, upon reauthentication later, can refer=20
> to the key.
> >>
> >> Ok... I have questions, but I'll address them to another=20
> draft, I=20
> >> think.
> >>
> >> > As I mentioned before, there is no goal to change the
> >> RADIUS security
> >> > measures. This draft will also be updated to work with=20
> keywrap and=20
> >> > DTLS
> >>
> >> I don't believe either method is strictly necessary for=20
> >> transporting these keys. There are alternatives that=20
> should be able=20
> >> to work.
> >>
> >> Alan DeKok.
> >>
> >
> > _______________________________________________
> > HOKEY mailing list
> > HOKEY@ietf.org
> > https://www1.ietf.org/mailman/listinfo/hokey
> >
>=20
>=20
>=20
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Fri, 04 Jan 2008 01:15:20 +0000
From: "Glen Zorn" <glenzorn@comcast.net>
To: "'Alan DeKok'" <aland@nitros9.org>
Cc: <Bernard_Aboba@hotmail.com>, <radiusext@ops.ietf.org>
Subject: RE: E2E and crypto-agility
Date: Thu, 3 Jan 2008 17:14:06 -0800
Message-ID: <00f001c84e6f$1b0e5680$512b0380$@net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Thread-Index: AchOYDVpn+zTyAEmRC+GrLd+7Fhq+wADEU1w
Content-Language: en-us
Glen Zorn wrote:
> It's hard to see how this solves any known problem. We already know how
te
> secure the key on the wire; the only problem is with evil proxies.
Um... if you don't trust the proxies, why are you letting them control
access to your network?
[gwz]
The only purpose of which I'm aware for e2e encryption in RADIUS is the
hiding of the encrypted things from proxies.
[/gwz]
...
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Fri, 04 Jan 2008 00:34:22 +0000
Message-ID: <3692.216.31.249.246.1199406785.squirrel@www.trepanning.net>
Date: Thu, 3 Jan 2008 16:33:05 -0800 (PST)
Subject: RE: [HOKEY] Review of draft-gaonkar-radext-erp-attrs-02.txt
From: "Dan Harkins" <dharkins@lounge.org>
To: "Narayanan, Vidya" <vidyan@qualcomm.com>
Cc: "Alan DeKok" <aland@deployingradius.com>, "radext mailing list" <radiusext@ops.ietf.org>, hokey@ietf.org
User-Agent: SquirrelMail/1.4.8
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Hi Vidya,
There may be proxies in between AAA-Home and Local ER server A
and between AAA-Home and Local ER Server B. There is strong consensus
in the group that there is no problem with this that all the proxies
will behave themselves and not abuse the fact that they know DRSK1
and/or DRSK2. That being the case why cannot the same logic that justifies
these proxies having such keying material be used to just give the
same key to Local ER Server A and Local ER Server B? Why do we need
to have different DRSKs? What problem are you trying to solve and isn't
that problem still going to be there since proxies are now involved?
Dan.
On Thu, January 3, 2008 3:02 pm, Narayanan, Vidya wrote:
> Hi Alan,
> Some of this is revisiting the HOKEY charter discussions and can be
> found in the archives, but let me try a bit further to clarify here.
>
> Consider the following figure:
>
> -----------
> | AAA-Home |
> -----------
> |
> ------------------------------------------------------
> | |
> -------------------
> -------------------
> | Local ER server A | | Local ER
> server B |
> | (Domain A) | | (Domain
> B) |
> -------------------
> -------------------
> | |
> --------------
> --------------
> | | |
> |
> -------- -------- --------
> --------
> | NAS A1 | | NAS A2 | | NAS B1 |
> | NAS B2 |
> -------- -------- --------
> --------
>
> ------
> | Peer | ---------->
> ------
>
>
> In the figure above, the peer is attached to a NAS (say, A1) in Domain
> A, while its home domain corresponds to AAA-Home" which is potentially
> much further away than Domain A is. The first time around, the peer
> authenticates with its home AAA server, which results in an MSK at NAS
> A1 and an EMSK at AAA-Home. This is in accordance with regular EAP
> operation. When the peer, the local domain and the AAA-Home also
> support ERP, a DSRK (DSRK1) may be requested by the local ER server A at
> the time of the EAP exchange. DSRK1 is derived from the EMSK and given
> to the Local ER Server A. Now, when the peer moves from NAS A1 to NAS
> A2, it only needs to perform an ERP exchange with the Local ER Server A.
> No exchange is required with AAA-Home. This finishes much quicker than
> an exchange that would have to go all the way to AAA-Home.
>
> It is when the peer moves from Domain A to Domain B that the peer has to
> talk to AAA-Home again. At this point, a DSRK2 may be given to Local ER
> Server B, which then gets used for re-authentication within that domain
> (say, when the peer moves from NAS B1 to NAS B2).
>
> As shown, all re-authentications within a local domain are restricted to
> that domain with no exchanges needed with the home domain (unless the
> DSRK expired). Exchanges involve the home domain when the peer crosses
> domain boundaries.
>
> Hope this helps.
>
> Thanks,
> Vidya
>
>> -----Original Message-----
>> From: Alan DeKok [mailto:aland@deployingradius.com]
>> Sent: Thursday, January 03, 2008 2:01 PM
>> To: Narayanan, Vidya
>> Cc: hokey@ietf.org; 'radext mailing list'
>> Subject: Re: [HOKEY] Review of draft-gaonkar-radext-erp-attrs-02.txt
>>
>> Narayanan, Vidya wrote:
>> > Thanks for the review. Let me attempt to clarify a few things that
>> > may answer majority of your questions below. The DSRK is a domain
>> > specific root key that is derived from the EMSK for the purpose of
>> > having a local EAP Re-authentication server (ER server) in
>> the visited domain.
>>
>> I'm not sure I understand why. If there isn't an EAP
>> re-authentication server, then the EAP authentications will
>> go through the local AAA server. So there is significant
>> benefit in *always* going through the local AAA server. i.e.
>> having the AAA servers cache the keys required for re-authentication.
>>
>> > "Visited domain" doesn't necessarily imply administrative
>> in this case
>> > - a large domain can be broken up into multiple smaller domains for
>> > sake of efficient re-authentication.
>>
>> I'm not sure I understand how this helps efficiency. If
>> there's one large domain for the initial authentication, then
>> only one domain is needed. If the home server can handle the
>> re-authentication, then there's doubly no need for multiple domains.
>>
>> > This is done so that the latency involved in
>> reauthentication at the
>> > time of a handoff for a peer is minimal (the peer doesn't
>> have to go
>> > back to the home AAA server to get reauthenticated). When the peer
>> > hands off across domains (i.e., leaves the boundary of an
>> ER server),
>> > it needs to communicate with the home AAA server to obtain
>> a new DSRK
>> > for the new ER server. This may be done using a full EAP
>> exchange or
>> > with an ER exchange with the home AAA server.
>>
>> If the re-authentication has to go back to the home AAA
>> server for a to obtain a new DSRK, why are there multiple
>> domains? The home server is manifestly capable of handling
>> all re-authentication requests.
>>
>> > The problem statement and use cases are described further in
>> >
>> http://www.ietf.org/internet-drafts/draft-ietf-hokey-reauth-ps-07.txt.
>> > The ERX protocol draft itself describes the protocol in detail -
>> >
>> http://www.ietf.org/internet-drafts/draft-ietf-hokey-reauth-ps-07.txt
>> > - figure 2, for instance, shows the recipient of the DSRK
>> and how it
>> > is further used for reauthentication during authenticator changes
>> > within that domain.
>>
>> I think I need to address many of my comments to that draft.
>>
>> > Hope this clarifies many of the things you ask below. A
>> few further
>> > comments inline on the other questions.
>>
>> It clarifies it a little. I've gone over the problem
>> statement draft, and have some questions about it.
>>
>> > Actually, this document has gone through a couple of
>> contortions due
>> > to lack of clarity from the RADIUS side on how to proceed here.
>>
>> The radext WG is always available to answer questions.
>> I've been lurking on hokey for a while, but until recently
>> have been too busy to pay much attention to the drafts.
>>
>> > There will only be one key response, but the key name is
>> still needed
>> > so that the peer, upon reauthentication later, can refer to the key.
>>
>> Ok... I have questions, but I'll address them to another
>> draft, I think.
>>
>> > As I mentioned before, there is no goal to change the
>> RADIUS security
>> > measures. This draft will also be updated to work with keywrap and
>> > DTLS
>>
>> I don't believe either method is strictly necessary for
>> transporting these keys. There are alternatives that should
>> be able to work.
>>
>> Alan DeKok.
>>
>
> _______________________________________________
> HOKEY mailing list
> HOKEY@ietf.org
> https://www1.ietf.org/mailman/listinfo/hokey
>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Thu, 03 Jan 2008 23:25:16 +0000
Message-ID: <477D6E52.60602@nitros9.org>
Date: Fri, 04 Jan 2008 00:22:58 +0100
From: Alan DeKok <aland@nitros9.org>
User-Agent: Thunderbird 2.0.0.6 (X11/20071022)
MIME-Version: 1.0
To: Glen Zorn <glenzorn@comcast.net>
CC: Bernard_Aboba@hotmail.com, radiusext@ops.ietf.org
Subject: Re: E2E and crypto-agility
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Glen Zorn wrote:
> It's hard to see how this solves any known problem. We already know how te
> secure the key on the wire; the only problem is with evil proxies.
Um... if you don't trust the proxies, why are you letting them control
access to your network?
RADIUS authentication routing is *not* IPv4 packet routing. There are
commercial agreements in place for RADIUS traffic between any two
networks. This isn't true for IPv4.
> Since in
> the last step the end-user transmits K'' to the NAS (necessarily unencrypted
> since the peer & NAS do not yet share any keying material)
The NAS can prove to the peer that it knows the encrypted key. The
peer can then send the NAS the decryption key, or any other key
derivation function.
> you have
> basically divulged your key-encrypting key to the world, which of course
> includes any RADIUS proxies that were in the forwarding path. So what does
> this help?
Giving a key to the NAS is equivalent to giving it to the local AAA
server, because they are run by the same administrative entity. So
*any* proposal that gives keying material to the NAS is vulnerable to
this attack.
If the desire is to protect against third-party proxies, such as
roaming or interconnect providers, see my first set of comments. In
addition, the local NAS (and AAA server) can choose to share that keying
material with anyone else in the world, including RADIUS proxies. This
is true today.
The MPPE keys used for 802.1x keying today are shared in the clear
with all RADIUS proxies. Is there a *real-world* problem we're trying
to solve here, or a theoretical exercise that is made moot by real-world
business realities?
Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Thu, 03 Jan 2008 23:07:24 +0000
Message-ID: <477D6A2E.20802@deployingradius.com>
Date: Fri, 04 Jan 2008 00:05:18 +0100
From: Alan DeKok <aland@deployingradius.com>
User-Agent: Thunderbird 2.0.0.6 (X11/20071022)
MIME-Version: 1.0
To: "Narayanan, Vidya" <vidyan@qualcomm.com>
CC: hokey@ietf.org, radext mailing list <radiusext@ops.ietf.org>
Subject: Re: [HOKEY] Review of draft-gaonkar-radext-erp-attrs-02.txt
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Narayanan, Vidya wrote:
> Some of this is revisiting the HOKEY charter discussions and can be
> found in the archives, but let me try a bit further to clarify here.
I don't want to re-visit the charter. I think there may be more than
one way to achieve the goals.
Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Thu, 03 Jan 2008 23:05:15 +0000
From: "Glen Zorn" <glenzorn@comcast.net>
To: "'Alan DeKok'" <aland@nitros9.org>, <Bernard_Aboba@hotmail.com>
Cc: <radiusext@ops.ietf.org>
Subject: RE: E2E and crypto-agility
Date: Thu, 3 Jan 2008 15:04:17 -0800
Message-ID: <00b101c84e5c$f7e0c600$e7a25200$@net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Thread-Index: AchIc3mu07zKmtxlSbS8ljbDlVVydAF55IWw
Content-Language: en-us
...
Back to my earlier question about "end to end", I think the only ends
that matter are the end user and home server. The NAS is in contact
with both, and can leverage it's relationship with the end user to do
things that are normally impossible in RADIUS. If we assume that the
end user and home RADIUS server can independently derive keying
material, then the server can supply keying material to the NAS, and the
end user can do the same. The NAS can then derive keying material,
without it being exposed to anyone else.
e.g. RADIUS, end-user: derive K', K''
RADIUS -> NAS: E = ENC(K') (using key K'')
end-user -> NAS: K''
If we assume that each RADIUS hop also encrypts E using the
Tunnel-Password method:
T = tunnel_encrypt(per-hop-secret, E)
Then we have the following properties:
- no RADIUS proxy knows K' (they only know E)
- The NAS can derive K' from E and K''
- an attacker watching RADIUS only knows T
- an attacker watching the end-user traffic only knows K''
- an attacker watching *both* RADIUS and supplicant traffic knows
T and K'', which is insufficient to derive K'
- any intermediary RADIUS proxy that handles tunnel-password
encryption can transport E.
[gwz]
It's hard to see how this solves any known problem. We already know how te
secure the key on the wire; the only problem is with evil proxies. Since in
the last step the end-user transmits K'' to the NAS (necessarily unencrypted
since the peer & NAS do not yet share any keying material) you have
basically divulged your key-encrypting key to the world, which of course
includes any RADIUS proxies that were in the forwarding path. So what does
this help?
[/gwz]
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Thu, 03 Jan 2008 23:03:57 +0000
DomainKey-Signature: s=qcdkim; d=qualcomm.com; c=nofws; q=dns; h=X-IronPort-AV:Received:Received:Received:Received: X-MimeOLE:Content-class:MIME-Version:Content-Type: Content-Transfer-Encoding:Subject:Date:Message-ID: In-Reply-To:X-MS-Has-Attach:X-MS-TNEF-Correlator: Thread-Topic:Thread-Index:References:From:To:Cc: X-OriginalArrivalTime; b=A4JTYlWVlb8B/I/65LzWgfscBAktHRAVDyv76ywu98ir/j3bjv+myAfI NFTCjdhy47K3YACcn9uIPdmmq8M8qFdSA1oevS7qqF7mNLryLb6fjCnx8 uSMC+C+fR4yrVeTOEMfyTFx58ltVjh8aw+oWvFt5cdUqmqtb3+pnMKIQN 8=;
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [HOKEY] Review of draft-gaonkar-radext-erp-attrs-02.txt
Date: Thu, 3 Jan 2008 15:02:22 -0800
Message-ID: <C24CB51D5AA800449982D9BCB9032513C22741@NAEX13.na.qualcomm.com>
Thread-Topic: [HOKEY] Review of draft-gaonkar-radext-erp-attrs-02.txt
Thread-Index: AchOVGV0Go306gAkSfC9FgbF/UaBPwAA8p4A
From: "Narayanan, Vidya" <vidyan@qualcomm.com>
To: "Alan DeKok" <aland@deployingradius.com>
Cc: <hokey@ietf.org>, "radext mailing list" <radiusext@ops.ietf.org>
Hi Alan,
Some of this is revisiting the HOKEY charter discussions and can be
found in the archives, but let me try a bit further to clarify here.=20
Consider the following figure:=20
-----------
| AAA-Home |
-----------
|
------------------------------------------------------
| |
-------------------
-------------------
| Local ER server A | | Local ER
server B |
| (Domain A) | | (Domain
B) |
-------------------
-------------------
| |
--------------
--------------
| | |
|
-------- -------- --------
--------
| NAS A1 | | NAS A2 | | NAS B1 |
| NAS B2 |
-------- -------- --------
--------
------
| Peer | ---------->
------
In the figure above, the peer is attached to a NAS (say, A1) in Domain
A, while its home domain corresponds to AAA-Home" which is potentially
much further away than Domain A is. The first time around, the peer
authenticates with its home AAA server, which results in an MSK at NAS
A1 and an EMSK at AAA-Home. This is in accordance with regular EAP
operation. When the peer, the local domain and the AAA-Home also
support ERP, a DSRK (DSRK1) may be requested by the local ER server A at
the time of the EAP exchange. DSRK1 is derived from the EMSK and given
to the Local ER Server A. Now, when the peer moves from NAS A1 to NAS
A2, it only needs to perform an ERP exchange with the Local ER Server A.
No exchange is required with AAA-Home. This finishes much quicker than
an exchange that would have to go all the way to AAA-Home. =20
It is when the peer moves from Domain A to Domain B that the peer has to
talk to AAA-Home again. At this point, a DSRK2 may be given to Local ER
Server B, which then gets used for re-authentication within that domain
(say, when the peer moves from NAS B1 to NAS B2). =20
As shown, all re-authentications within a local domain are restricted to
that domain with no exchanges needed with the home domain (unless the
DSRK expired). Exchanges involve the home domain when the peer crosses
domain boundaries. =20
Hope this helps. =20
Thanks,
Vidya
> -----Original Message-----
> From: Alan DeKok [mailto:aland@deployingradius.com]=20
> Sent: Thursday, January 03, 2008 2:01 PM
> To: Narayanan, Vidya
> Cc: hokey@ietf.org; 'radext mailing list'
> Subject: Re: [HOKEY] Review of draft-gaonkar-radext-erp-attrs-02.txt
>=20
> Narayanan, Vidya wrote:
> > Thanks for the review. Let me attempt to clarify a few things that=20
> > may answer majority of your questions below. The DSRK is a domain=20
> > specific root key that is derived from the EMSK for the purpose of=20
> > having a local EAP Re-authentication server (ER server) in=20
> the visited domain.
>=20
> I'm not sure I understand why. If there isn't an EAP=20
> re-authentication server, then the EAP authentications will=20
> go through the local AAA server. So there is significant=20
> benefit in *always* going through the local AAA server. i.e.=20
> having the AAA servers cache the keys required for re-authentication.
>=20
> > "Visited domain" doesn't necessarily imply administrative=20
> in this case=20
> > - a large domain can be broken up into multiple smaller domains for=20
> > sake of efficient re-authentication.
>=20
> I'm not sure I understand how this helps efficiency. If=20
> there's one large domain for the initial authentication, then=20
> only one domain is needed. If the home server can handle the=20
> re-authentication, then there's doubly no need for multiple domains.
>=20
> > This is done so that the latency involved in=20
> reauthentication at the=20
> > time of a handoff for a peer is minimal (the peer doesn't=20
> have to go=20
> > back to the home AAA server to get reauthenticated). When the peer=20
> > hands off across domains (i.e., leaves the boundary of an=20
> ER server),=20
> > it needs to communicate with the home AAA server to obtain=20
> a new DSRK=20
> > for the new ER server. This may be done using a full EAP=20
> exchange or=20
> > with an ER exchange with the home AAA server.
>=20
> If the re-authentication has to go back to the home AAA=20
> server for a to obtain a new DSRK, why are there multiple=20
> domains? The home server is manifestly capable of handling=20
> all re-authentication requests.
>=20
> > The problem statement and use cases are described further in=20
> >=20
> http://www.ietf.org/internet-drafts/draft-ietf-hokey-reauth-ps-07.txt.
> > The ERX protocol draft itself describes the protocol in detail -=20
> >=20
> http://www.ietf.org/internet-drafts/draft-ietf-hokey-reauth-ps-07.txt=20
> > - figure 2, for instance, shows the recipient of the DSRK=20
> and how it=20
> > is further used for reauthentication during authenticator changes=20
> > within that domain.
>=20
> I think I need to address many of my comments to that draft.
>=20
> > Hope this clarifies many of the things you ask below. A=20
> few further=20
> > comments inline on the other questions.
>=20
> It clarifies it a little. I've gone over the problem=20
> statement draft, and have some questions about it.
>=20
> > Actually, this document has gone through a couple of=20
> contortions due=20
> > to lack of clarity from the RADIUS side on how to proceed here.
>=20
> The radext WG is always available to answer questions. =20
> I've been lurking on hokey for a while, but until recently=20
> have been too busy to pay much attention to the drafts.
>=20
> > There will only be one key response, but the key name is=20
> still needed=20
> > so that the peer, upon reauthentication later, can refer to the key.
>=20
> Ok... I have questions, but I'll address them to another=20
> draft, I think.
>=20
> > As I mentioned before, there is no goal to change the=20
> RADIUS security=20
> > measures. This draft will also be updated to work with keywrap and=20
> > DTLS
>=20
> I don't believe either method is strictly necessary for=20
> transporting these keys. There are alternatives that should=20
> be able to work.
>=20
> Alan DeKok.
>=20
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Thu, 03 Jan 2008 22:04:03 +0000
Message-ID: <477D5B13.9060305@deployingradius.com>
Date: Thu, 03 Jan 2008 23:00:51 +0100
From: Alan DeKok <aland@deployingradius.com>
User-Agent: Thunderbird 2.0.0.6 (X11/20071022)
MIME-Version: 1.0
To: "Narayanan, Vidya" <vidyan@qualcomm.com>
CC: hokey@ietf.org, 'radext mailing list' <radiusext@ops.ietf.org>
Subject: Re: [HOKEY] Review of draft-gaonkar-radext-erp-attrs-02.txt
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Narayanan, Vidya wrote:
> Thanks for the review. Let me attempt to clarify a few things that may
> answer majority of your questions below. The DSRK is a domain specific
> root key that is derived from the EMSK for the purpose of having a local
> EAP Re-authentication server (ER server) in the visited domain.
I'm not sure I understand why. If there isn't an EAP
re-authentication server, then the EAP authentications will go through
the local AAA server. So there is significant benefit in *always* going
through the local AAA server. i.e. having the AAA servers cache the
keys required for re-authentication.
> "Visited domain" doesn't necessarily imply administrative in this case -
> a large domain can be broken up into multiple smaller domains for sake
> of efficient re-authentication.
I'm not sure I understand how this helps efficiency. If there's one
large domain for the initial authentication, then only one domain is
needed. If the home server can handle the re-authentication, then
there's doubly no need for multiple domains.
> This is done so that the latency involved in reauthentication at the
> time of a handoff for a peer is minimal (the peer doesn't have to go
> back to the home AAA server to get reauthenticated). When the peer
> hands off across domains (i.e., leaves the boundary of an ER server), it
> needs to communicate with the home AAA server to obtain a new DSRK for
> the new ER server. This may be done using a full EAP exchange or with
> an ER exchange with the home AAA server.
If the re-authentication has to go back to the home AAA server for a
to obtain a new DSRK, why are there multiple domains? The home server
is manifestly capable of handling all re-authentication requests.
> The problem statement and use cases are described further in
> http://www.ietf.org/internet-drafts/draft-ietf-hokey-reauth-ps-07.txt.
> The ERX protocol draft itself describes the protocol in detail -
> http://www.ietf.org/internet-drafts/draft-ietf-hokey-reauth-ps-07.txt -
> figure 2, for instance, shows the recipient of the DSRK and how it is
> further used for reauthentication during authenticator changes within
> that domain.
I think I need to address many of my comments to that draft.
> Hope this clarifies many of the things you ask below. A few further
> comments inline on the other questions.
It clarifies it a little. I've gone over the problem statement draft,
and have some questions about it.
> Actually, this document has gone through a couple of contortions due to
> lack of clarity from the RADIUS side on how to proceed here.
The radext WG is always available to answer questions. I've been
lurking on hokey for a while, but until recently have been too busy to
pay much attention to the drafts.
> There will only be one key response, but the key name is still needed so
> that the peer, upon reauthentication later, can refer to the key.
Ok... I have questions, but I'll address them to another draft, I think.
> As I mentioned before, there is no goal to change the RADIUS security
> measures. This draft will also be updated to work with keywrap and DTLS
I don't believe either method is strictly necessary for transporting
these keys. There are alternatives that should be able to work.
Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Thu, 03 Jan 2008 17:08:46 +0000
Message-ID: <BAY117-W280E913386C270751A933893530@phx.gbl>
Content-Type: multipart/alternative; boundary="_72921a68-2af9-4fd8-beb7-b0b686974df4_"
From: Bernard Aboba <bernard_aboba@hotmail.com>
To: <radiusext@ops.ietf.org>, <mikem@open.com.au>
Subject: Proposed Resolution to Issue
Date: Thu, 3 Jan 2008 09:07:16 -0800
MIME-Version: 1.0
--_72921a68-2af9-4fd8-beb7-b0b686974df4_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
FYI. Here are the proposed changes to RFC 5090 to address the problems tha=
t Mike found in Appendix A.=20
> Subject: RE: AUTH48 [SG]: RFC 5090 <draft-ietf-radext-rfc4590bis-02.txt> =
NOW AVAILABLE> Date: Thu, 3 Jan 2008 17:07:13 +0200> From: Baruch.Sterman@K=
ayote.com> To: rfc-editor@rfc-editor.org; beckw@t-systems.com> CC: david.sc=
hwartz@xconnect.net; dscreat@dscreat.com; dwilli@cisco.com; dromasca@avaya.=
com; rbonica@juniper.net; d.b.nelson@comcast.net; bernard_aboba@hotmail.com=
> > Here are corrections to the examples as per David's input. I hope this>=
will put all of the outstanding issues to rest so that we can all sign> of=
f on the document. > > There are essentially 2 corrections. In each example=
, the response> should be changed in two places.> > On page 24, change:> > =
> A->B> > INVITE sip:97226491335@example.com SIP/2.0> Proxy-Authorization: =
Digest algorithm=3D"md5",nonce=3D"3bada1a0"> ,realm=3D"example.com"> ,respo=
nse=3D"7679b84a560835846ec553174dbabb69"> ,uri=3D"sip:97226491335@example.c=
om",username=3D"12345678"> ,qop=3Dauth,algorithm=3DMD5> ,cnonce=3D"56593a80=
,nc=3D"00000001"> > From: <sip:12345678@example.com>> To: <sip:97226491335@=
example.com>> > > B->C> > Code =3D Access-Request (1)> Packet identifier =
=3D 0x7d (125)> Length =3D 221> Authenticator =3D F5E55840E324AA49D216D9DBD=
069807D> NAS-IP-Address =3D 192.0.2.38> NAS-Port =3D 5> User-Name =3D 12345=
678> Digest-Method =3D INVITE> Digest-URI =3D sip:97226491335@example.com> =
Digest-Realm =3D example.com> Digest-Qop =3D auth> Digest-Algorithm =3D MD5=
> Digest-CNonce =3D 56593a80> Digest-Nonce =3D 3bada1a0> Digest-Nonce-Count=
=3D 00000001> Digest-Response =3D 7679b84a560835846ec553174dbabb69> Digest=
-Username =3D 12345678> SIP-AOR =3D sip:12345678@example.com> Message-Authe=
nticator =3D BD037498E8385878A46ECF4D5F8D2B48> > > To> > A->B> > INVITE sip=
:97226491335@example.com SIP/2.0> Proxy-Authorization: Digest algorithm=3D"=
md5",nonce=3D"3bada1a0"> ,realm=3D"example.com"> ,response=3D"756933f735fcd=
93f90a4bbdd5467f263"> ,uri=3D"sip:97226491335@example.com",username=3D"1234=
5678"> ,qop=3Dauth,algorithm=3DMD5> ,cnonce=3D"56593a80,nc=3D"00000001"> > =
From: <sip:12345678@example.com>> To: <sip:97226491335@example.com>> > > B-=
>C> > Code =3D Access-Request (1)> Packet identifier =3D 0x7d (125)> Length=
=3D 221> Authenticator =3D F5E55840E324AA49D216D9DBD069807D> NAS-IP-Addres=
s =3D 192.0.2.38> NAS-Port =3D 5> User-Name =3D 12345678> Digest-Method =3D=
INVITE> Digest-URI =3D sip:97226491335@example.com> Digest-Realm =3D examp=
le.com> Digest-Qop =3D auth> Digest-Algorithm =3D MD5> Digest-CNonce =3D 56=
593a80> Digest-Nonce =3D 3bada1a0> Digest-Nonce-Count =3D 00000001> Digest-=
Response =3D 756933f735fcd93f90a4bbdd5467f263> Digest-Username =3D 12345678=
> SIP-AOR =3D sip:12345678@example.com> Message-Authenticator =3D BD037498E=
8385878A46ECF4D5F8D2B48> > > And on page 26, change> > > > A->B> > GET /ind=
ex.html HTTP/1.1> Authorization: Digest algorithm=3DMD5,qop=3Dauth,nonce=3D=
"a3086ac8"> ,nc=3D"00000001",cnonce=3D"56593a78"> ,realm=3D"example.com"> ,=
response=3D"ba623217b5ec024d30c4aaef9d8494de"> ,uri=3D"/index.html",usernam=
e=3D"12345678"> > B->C> > Code =3D Access-Request (1)> Packet identifier =
=3D 0x7f (127)> Length =3D 176> Authenticator =3D F5E55840E324AA49D216D9DBD=
069807F> NAS-IP-Address =3D 192.0.2.38> NAS-Port =3D 5> User-Name =3D 12345=
678> Digest-Method =3D GET> Digest-URI =3D /index.html> Digest-Realm =3D ex=
ample.com> Digest-Qop =3D auth> Digest-Algorithm =3D MD5> Digest-CNonce =3D=
56593a80> Digest-Nonce =3D a3086ac8> Digest-Nonce-Count =3D 00000001> Dige=
st-Response =3D ba623217b5ec024d30c4aaef9d8494de> Digest-Username =3D 12345=
678> Message-Authenticator =3D C360BFCEDFFBCE893469E802013DA5AA> > > To> > =
> > A->B> > GET /index.html HTTP/1.1> Authorization: Digest algorithm=3DMD5=
,qop=3Dauth,nonce=3D"a3086ac8"> ,nc=3D"00000001",cnonce=3D"56593a78"> ,real=
m=3D"example.com"> ,response=3D" a4fac45c27a30f4f244c54a2e99fa117"> ,uri=3D=
"/index.html",username=3D"12345678"> > B->C> > Code =3D Access-Request (1)>=
Packet identifier =3D 0x7f (127)> Length =3D 176> Authenticator =3D F5E558=
40E324AA49D216D9DBD069807F> NAS-IP-Address =3D 192.0.2.38> NAS-Port =3D 5> =
User-Name =3D 12345678> Digest-Method =3D GET> Digest-URI =3D /index.html> =
Digest-Realm =3D example.com> Digest-Qop =3D auth> Digest-Algorithm =3D MD5=
> Digest-CNonce =3D 56593a80> Digest-Nonce =3D a3086ac8> Digest-Nonce-Count=
=3D 00000001> Digest-Response =3D a4fac45c27a30f4f244c54a2e99fa117> Digest=
-Username =3D 12345678> Message-Authenticator =3D C360BFCEDFFBCE893469E8020=
13DA5AA> > > > > Thanks to David and group.> > Baruch> > =
--_72921a68-2af9-4fd8-beb7-b0b686974df4_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<style>
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
FONT-SIZE: 10pt;
FONT-FAMILY:Tahoma
}
</style>
</head>
<body class=3D'hmmessage'>
FYI. Here are the proposed changes to RFC 5090 to address the problem=
s that Mike found in Appendix A. <BR>
<BR>> Subject: RE: AUTH48 [SG]: RFC 5090 <draft-ietf-radext-rfc4590bi=
s-02.txt> NOW AVAILABLE<BR>> Date: Thu, 3 Jan 2008 17:07:13 +0200<BR>=
> From: Baruch.Sterman@Kayote.com<BR>> To: rfc-editor@rfc-editor.org;=
beckw@t-systems.com<BR>> CC: david.schwartz@xconnect.net; dscreat@dscre=
at.com; dwilli@cisco.com; dromasca@avaya.com; rbonica@juniper.net; d.b.nels=
on@comcast.net; bernard_aboba@hotmail.com<BR>> <BR>> Here are correct=
ions to the examples as per David's input. I hope this<BR>> will put all=
of the outstanding issues to rest so that we can all sign<BR>> off on t=
he document. <BR>> <BR>> There are essentially 2 corrections. In each=
example, the response<BR>> should be changed in two places.<BR>> <BR=
>> On page 24, change:<BR>> <BR>> <BR>> A->B<BR>> <BR>>=
; INVITE sip:97226491335@example.com SIP/2.0<BR>> Proxy-Authorization: D=
igest algorithm=3D"md5",nonce=3D"3bada1a0"<BR>> ,realm=3D"example.com"<B=
R>> ,response=3D"7679b84a560835846ec553174dbabb69"<BR>> ,uri=3D"sip:9=
7226491335@example.com",username=3D"12345678"<BR>> ,qop=3Dauth,algorithm=
=3DMD5<BR>> ,cnonce=3D"56593a80,nc=3D"00000001"<BR>> <BR>> From: &=
lt;sip:12345678@example.com><BR>> To: <sip:97226491335@example.com=
><BR>> <BR>> <BR>> B->C<BR>> <BR>> Code =3D Access-Req=
uest (1)<BR>> Packet identifier =3D 0x7d (125)<BR>> Length =3D 221<BR=
>> Authenticator =3D F5E55840E324AA49D216D9DBD069807D<BR>> NAS-IP-Add=
ress =3D 192.0.2.38<BR>> NAS-Port =3D 5<BR>> User-Name =3D 12345678<B=
R>> Digest-Method =3D INVITE<BR>> Digest-URI =3D sip:97226491335@exam=
ple.com<BR>> Digest-Realm =3D example.com<BR>> Digest-Qop =3D auth<BR=
>> Digest-Algorithm =3D MD5<BR>> Digest-CNonce =3D 56593a80<BR>> D=
igest-Nonce =3D 3bada1a0<BR>> Digest-Nonce-Count =3D 00000001<BR>> Di=
gest-Response =3D 7679b84a560835846ec553174dbabb69<BR>> Digest-Username =
=3D 12345678<BR>> SIP-AOR =3D sip:12345678@example.com<BR>> Message-A=
uthenticator =3D BD037498E8385878A46ECF4D5F8D2B48<BR>> <BR>> <BR>>=
To<BR>> <BR>> A->B<BR>> <BR>> INVITE sip:97226491335@exampl=
e.com SIP/2.0<BR>> Proxy-Authorization: Digest algorithm=3D"md5",nonce=
=3D"3bada1a0"<BR>> ,realm=3D"example.com"<BR>> ,response=3D"756933f73=
5fcd93f90a4bbdd5467f263"<BR>> ,uri=3D"sip:97226491335@example.com",usern=
ame=3D"12345678"<BR>> ,qop=3Dauth,algorithm=3DMD5<BR>> ,cnonce=3D"565=
93a80,nc=3D"00000001"<BR>> <BR>> From: <sip:12345678@example.com&g=
t;<BR>> To: <sip:97226491335@example.com><BR>> <BR>> <BR>>=
; B->C<BR>> <BR>> Code =3D Access-Request (1)<BR>> Packet ident=
ifier =3D 0x7d (125)<BR>> Length =3D 221<BR>> Authenticator =3D F5E55=
840E324AA49D216D9DBD069807D<BR>> NAS-IP-Address =3D 192.0.2.38<BR>> N=
AS-Port =3D 5<BR>> User-Name =3D 12345678<BR>> Digest-Method =3D INVI=
TE<BR>> Digest-URI =3D sip:97226491335@example.com<BR>> Digest-Realm =
=3D example.com<BR>> Digest-Qop =3D auth<BR>> Digest-Algorithm =3D MD=
5<BR>> Digest-CNonce =3D 56593a80<BR>> Digest-Nonce =3D 3bada1a0<BR>&=
gt; Digest-Nonce-Count =3D 00000001<BR>> Digest-Response =3D 756933f735f=
cd93f90a4bbdd5467f263<BR>> Digest-Username =3D 12345678<BR>> SIP-AOR =
=3D sip:12345678@example.com<BR>> Message-Authenticator =3D BD037498E838=
5878A46ECF4D5F8D2B48<BR>> <BR>> <BR>> And on page 26, change<BR>&g=
t; <BR>> <BR>> <BR>> A->B<BR>> <BR>> GET /index.html HTTP=
/1.1<BR>> Authorization: Digest algorithm=3DMD5,qop=3Dauth,nonce=3D"a308=
6ac8"<BR>> ,nc=3D"00000001",cnonce=3D"56593a78"<BR>> ,realm=3D"exampl=
e.com"<BR>> ,response=3D"ba623217b5ec024d30c4aaef9d8494de"<BR>> ,uri=
=3D"/index.html",username=3D"12345678"<BR>> <BR>> B->C<BR>> <BR=
>> Code =3D Access-Request (1)<BR>> Packet identifier =3D 0x7f (127)<=
BR>> Length =3D 176<BR>> Authenticator =3D F5E55840E324AA49D216D9DBD0=
69807F<BR>> NAS-IP-Address =3D 192.0.2.38<BR>> NAS-Port =3D 5<BR>>=
User-Name =3D 12345678<BR>> Digest-Method =3D GET<BR>> Digest-URI =
=3D /index.html<BR>> Digest-Realm =3D example.com<BR>> Digest-Qop =3D=
auth<BR>> Digest-Algorithm =3D MD5<BR>> Digest-CNonce =3D 56593a80<B=
R>> Digest-Nonce =3D a3086ac8<BR>> Digest-Nonce-Count =3D 00000001<BR=
>> Digest-Response =3D ba623217b5ec024d30c4aaef9d8494de<BR>> Digest-U=
sername =3D 12345678<BR>> Message-Authenticator =3D C360BFCEDFFBCE893469=
E802013DA5AA<BR>> <BR>> <BR>> To<BR>> <BR>> <BR>> <BR>>=
; A->B<BR>> <BR>> GET /index.html HTTP/1.1<BR>> Authorization: =
Digest algorithm=3DMD5,qop=3Dauth,nonce=3D"a3086ac8"<BR>> ,nc=3D"0000000=
1",cnonce=3D"56593a78"<BR>> ,realm=3D"example.com"<BR>> ,response=3D"=
a4fac45c27a30f4f244c54a2e99fa117"<BR>> ,uri=3D"/index.html",username=3D=
"12345678"<BR>> <BR>> B->C<BR>> <BR>> Code =3D Access-Reques=
t (1)<BR>> Packet identifier =3D 0x7f (127)<BR>> Length =3D 176<BR>&g=
t; Authenticator =3D F5E55840E324AA49D216D9DBD069807F<BR>> NAS-IP-Addres=
s =3D 192.0.2.38<BR>> NAS-Port =3D 5<BR>> User-Name =3D 12345678<BR>&=
gt; Digest-Method =3D GET<BR>> Digest-URI =3D /index.html<BR>> Digest=
-Realm =3D example.com<BR>> Digest-Qop =3D auth<BR>> Digest-Algorithm=
=3D MD5<BR>> Digest-CNonce =3D 56593a80<BR>> Digest-Nonce =3D a3086a=
c8<BR>> Digest-Nonce-Count =3D 00000001<BR>> Digest-Response =3D a4fa=
c45c27a30f4f244c54a2e99fa117<BR>> Digest-Username =3D 12345678<BR>> M=
essage-Authenticator =3D C360BFCEDFFBCE893469E802013DA5AA<BR>> <BR>> =
<BR>> <BR>> <BR>> Thanks to David and group.<BR>> <BR>> Baru=
ch<BR>> <BR>> <BR><BR></body>
</html>=
--_72921a68-2af9-4fd8-beb7-b0b686974df4_--
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Thu, 03 Jan 2008 08:55:37 +0000
Message-ID: <BAY117-W8FF6BAF5C90C4FD16D61293530@phx.gbl>
Content-Type: multipart/alternative; boundary="_092f2560-0514-4f2e-a822-026db3f5c7a1_"
From: Bernard Aboba <bernard_aboba@hotmail.com>
To: Alan DeKok <aland@nitros9.org>, Glen Zorn <glenzorn@comcast.net>
CC: <radiusext@ops.ietf.org>
Subject: RE: Questions on modified Extended Attribute format?
Date: Thu, 3 Jan 2008 00:54:25 -0800
MIME-Version: 1.0
--_092f2560-0514-4f2e-a822-026db3f5c7a1_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
> This proposal breaks that completely. It will be perfectly legal for> imp=
lementations of your proposal to put ALL RADIUS attributes as> grouped, ins=
ide of an "extended attribute". Any NAS that receives such> a response will=
get a packet containing *nothing* but VSA's. It will> then decide that the=
re is nothing in the packet that it recognizes, and> will fail.
>
> i.e. your proposal creates a new protocol that is incompatible with> lega=
cy RADIUS.
=20
Presumbably new attributes using the extended format will define=20
whether they can be grouped or not, and if so, what the grouping
means. =20
=20
But what about legacy attributes? For example, what would it mean for a=20
NAS-Identifier attribute to be grouped with say, a Tunnel-Password
attribute? Presumably, this document would not define the semantics
of grouping for legacy attributes, which begs the question of where,
if anywhere, that semantic would be specified. =20
=20
Unless that semantic is specified somewhere (and I doubt it would be
specified anywhere for a substantial period of time), then the semantics
of grouping of legacy attributes is likely to be "implementation specific".=
=20
=20
So not only would the "new" RADIUS not be backward compatible with
the old one -- it wouldn't even have a public specification. =
--_092f2560-0514-4f2e-a822-026db3f5c7a1_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<style>
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
FONT-SIZE: 10pt;
FONT-FAMILY:Tahoma
}
</style>
</head>
<body class=3D'hmmessage'>
<BR>> This proposal breaks that completely. It will be perfectly legal f=
or<BR>> implementations of your proposal to put ALL RADIUS attributes as=
<BR>> grouped, inside of an "extended attribute". Any NAS that receives =
such<BR>> a response will get a packet containing *nothing* but VSA's. I=
t will<BR>> then decide that there is nothing in the packet that it reco=
gnizes, and<BR>> will fail.<BR>
><BR>
> i.e. your proposal creates a new protocol that is incompatible with<BR=
>> legacy RADIUS.<BR>
<BR>
Presumbably new attributes using the extended format will define <BR>
whether they can be grouped or not, and if so, what the grouping<BR>
means. <BR>
<BR>
But what about legacy attributes? For example, what would it mean for=
a <BR>
NAS-Identifier attribute to be grouped with say, a Tunnel-Password<BR>
attribute? Presumably, this document would not define the seman=
tics<BR>
of grouping for legacy attributes, which begs the question of where,<BR>
if anywhere, that semantic would be specified. <BR>
<BR>
Unless that semantic is specified somewhere (and I doubt it would be<BR>
specified anywhere for a substantial period of time), then the semantics<BR=
>
of grouping of legacy attributes is likely to be "implementation specific".=
<BR>
<BR>
So not only would the "new" RADIUS not be backward compatible with<BR>
the old one -- it wouldn't even have a public specification. <BR></body>
</html>=
--_092f2560-0514-4f2e-a822-026db3f5c7a1_--
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Thu, 03 Jan 2008 05:03:01 +0000
Message-ID: <477C6BFC.6040808@nitros9.org>
Date: Thu, 03 Jan 2008 06:00:44 +0100
From: Alan DeKok <aland@nitros9.org>
User-Agent: Thunderbird 2.0.0.6 (X11/20071022)
MIME-Version: 1.0
To: 'radext mailing list' <radiusext@ops.ietf.org>, kgaonkar3@gatech.edu, Lakshminath Dondeti <ldondeti@qualcomm.com>, vidyan@qualcomm.com
Subject: Review of draft-gaonkar-radext-erp-attrs-02.txt
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
I've read the draft, and have a few comments.
These
attributes can be used by a visited network entity to request a key
from the home network and the home domain to deliver the key to the
visited network entity
Why is the visited network requesting keys? Is the user involved in
this request? Does the user know that the visited network is requesting
keys on his behalf?
These issues are referenced in the security section. However, that
section says that channel bindings *may* be necessary. It looks to me
like they are required to avoid a large class of security / information
leakage.
The key-request attribute contains the requesting entity's identity
and the type of the key being requested.
Why is it necessary to have the requesting entities identity? Can
multiple servers in a proxy chain make requests at the same time? If
so, why? What benefit does this serve?
The key-response attribute contains the requesting entity's identity,
the type of the key, the key itself, its length, name and lifetime.
Are key lifetimes different from user session lifetimes? RADIUS
already has support for Session-Timeout, which would seem to put an
upper limit on key lifetimes, at least for one session. Are these keys
to be cached across multiple user sessions? If so, this document should
say.
[ key request attribute ]
The Requesting Entity's Identity is to be copied in the
corresponding Key-Response attribute.
The following section says that the response MAY include the identity.
That section then says the identity "is to be included". The text
should agree with itself.
The next section says that the identity can be only 192 octets in
length, but that limitation is not discussed here. It should be.
The guidelines document discusses packing multiple fields into one
attribute:
http://www.ietf.org/internet-drafts/draft-ietf-radext-design-02.txt
The document doesn't say whether or not only one key-request attribute
is permitted in an Access-Request. If only one is permitted, then all
of the packed fields in both attributes MUST be broken out into separate
attributes. That will enable legacy implementations to deal with the
attributes. i.e. not only support them, but enforce policies based on them.
What is the purpose of the "key name" field? This document doesn't
say, and it doesn't refer to other documents which could explain the
utility of that field. Including a key name in a key response attribute
would seem to indicate that more than one key response is permitted in
an Access-Accept. If so, this needs to be explained, including
use-cases. If not, the key name is not needed.
A stricter version of RFC 3756 requirements apply for RADIUS
messages carrying Key-Response Attribute(s). Implementations of
this specification MUST support IPsec along with IKEv2 for key
management. IPsec ESP with a non-null transform MUST be
supported, and IPsec ESP with a non-null encryption transform and
authentication support is necessary to provide per-packet
confidentiality, authentication, integrity and replay protection.
This requirement imposes a heavy burden on any implementation of this
proposal. Most existing RADIUS EAP deployments do not use IPSec as a
transport layer. I also question the necessity for exposing the DSRK
"in the clear" to all parties in the AAA conversation.
i.e. in a proxy environment, entities who transport the traffic do NOT
request the key, but can see it "in the clear". Not only that, but they
can modify the key without detection, as the key is not authenticated.
This issue is not discussed in the security section.
It would also appear to be a fatal flaw in this proposal: keys being
exposed to entities that don't need to see the key, and lack of
integrity checks on the keys themselves.
I question why the visited *network* needs the DSRK, as opposed to the
visited *NAS*. This document does not discuss any use-cases or
requirements that would make this distinction clear.
From what I see, only the NAS requires access to any keying material.
For security, we can presume that the keys are opaque to everyone on
the network other than the user and the home server which authenticates
that user. Anyone else needing access to those keys can prove their
need to either the user, or to the home server. And in general, no one
needs to get the key from the home server,
Since the NAS is already in direct contact with the user, it becomes
clear that the NAS can ask the user how to interpret any keying material
it has. Since that keying material is opaque to everyone else, there is
no security issue with it being exposed, because it has no useful
information. Since that keying material is opaque, anyone and everyone
with access to it can cache it.
See the following message for a short exposition of the concepts
outlined above:
http://ops.ietf.org/lists/radiusext/2007/msg01001.html
That proposal would seem to meet the requirements outlined for this
document, from what I can understand. (The requirements and use-cases
outlined here are unclear). That proposal can be modified to include
key lifetime, if necessary. That proposal avoids all of the security
issues inherent in this design.
For this proposal to move forward, it needs to have clearer use-cases
and requirements. And it needs to address the security issues that are
currently fatal flaws.
Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
Envelope-to: radiusext-data@psg.com
Delivery-date: Thu, 03 Jan 2008 04:15:30 +0000
Message-ID: <477C60D6.3020008@nitros9.org>
Date: Thu, 03 Jan 2008 05:13:10 +0100
From: Alan DeKok <aland@nitros9.org>
User-Agent: Thunderbird 2.0.0.6 (X11/20071022)
MIME-Version: 1.0
To: Glen Zorn <glenzorn@comcast.net>
CC: radiusext@ops.ietf.org
Subject: Re: Questions on modified Extended Attribute format?
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Glen Zorn wrote:
> As I said, put that way or any other way you like, ANY change is
> incompatible with existing deployments. If one were to add a new "standard"
> attribute (in the old format or the proposed VSA-like format or any other)
> it would be incompatible with existing deployments.
That isn't the point. Everyone accepts that implementations have to
be updated to handle new standards. One of the major efforts in RADIUS
has been to maintain backwards compatibility with existing deployments.
i.e. if a product doesn't implement the new standard, it can still
communicate with products that do implement that standard.
This proposal breaks that completely. It will be perfectly legal for
implementations of your proposal to put ALL RADIUS attributes as
grouped, inside of an "extended attribute". Any NAS that receives such
a response will get a packet containing *nothing* but VSA's. It will
then decide that there is nothing in the packet that it recognizes, and
will fail.
i.e. your proposal creates a new protocol that is incompatible with
legacy RADIUS.
> Actually, while the timeframe was long, the discussion wasn't: I've only
> received a couple of comments on it in the last months. It _did_ take an
> inordinate amount of time to reject the 'Diameterization' of RADIUS,
> though...
This proposal is no better. It's worse in many respects.
Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>